When the Department of Health and Human Services issued the Final Omnibus Rule in 2013, the healthcare industry received the final set of clarifications it needed to effectively respond to HIPAA-HITECH compliance regulations. Or did it?
Are HIPAA Regulations really effective?
As technological innovations have spread like wildfire through the healthcare space, some are questioning whether HIPAA effectively addresses what’s happening in the ever-changing world of digital health.
This has led a trade association to push for greater clarity when it comes to digital health companies and HIPAA. The Association for Competitive Technology and several digital health companies are lobbying the Department of Health and Human Services to make user- and developer-friendly information on HIPAA widely available, update documentation to fit current technology and improve outreach to new entrants.
Guidance doesn’t cover current and emerging threats
The group specifically points to cloud technology as an example where HIPAA provides inadequate guidance:
One of their major concerns is that the industry “doesn’t have sufficient clarity from regulators” when it comes to encryption of data that is stored in the cloud.
The proliferation of mobile health apps, cloud-based solutions and telemedicine offerings are among the innovations pushing dramatic change in how care is delivered and how information is shared. Also, it’s important to note that many of the new entrants to the space aren’t healthcare natives, which means they may lack the context necessary to successfully interpret HIPAA and its intentions for the digital arena.
Proponents for more communication and clarity also cite out of date documentation as an issue. An example offered up in a recent article cites guidance on “Remote Use” which was last updated in December of 2006. That would be six months prior to the public availability of very first iPhone. Oh, how times have changed!
What do you think?
Does HIPAA adequately address the digital health space? Or are more calls for clarity on the horizon? Leave your comments below, or join the conversation on Twitter or in our LinkedIn group.
Are you a digital health company that needs help refining your approach to information risk management and compliance? Contact Clearwater today for a personal consultation from an industry-leading expert.
Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.
Latest posts by Michelle Caswell (see all)
- What to Know About OCR Pre-Audit Questionnaires - June 3, 2016
- HIPAA and Firearms. Balancing privacy with public safety. - February 1, 2016
- Cornell Faces Heavy Fines with Latest OCR Resolution Agreement - May 4, 2015