Non-HIPAA entities dealing with PHI: Interesting article in the NY Times on entities that deal in health information but aren't covered by HIPAA. It illustrates a couple of things: (i) Health data comes from all over, and if it comes from a non-HIPAA-covered-entity source (directly or through a business associate), it's not subject to HIPAA. (ii) There are lots of entities that get data that is health-related but comes from some non-healthcare source (your Fitbit, your grocery store, your gym) that really should not be subject to HIPAA restrictions. (iii) There are lots of ways that data can be used, amalgamated, analyzed, etc., and no regulatory scheme is going to secure all of them.

