This topic comes up so many times, but most in IT realize the security standards used by Google and Microsoft far exceed those established by HIPAA. The group that is particularly bothersome to me that is not under the auspices of HIPAA is the database information from the Pharmacy Benefit Managers, which is the information on all the medications we take. That information has been sold at a profit and I don’t see why that information is not better regulated for privacy; after all, medications and our history thereof constitute part of a medical record. That information is also used by insurance companies to accept or deny coverage, so again, why we worry so much about Google and Microsoft, who protect the enterprise, is a bit beyond me; the PBM data worries me a lot more in not having any privacy regulations.
One other item that comes to mind as well: do the HIPAA police exist? I realize the databases were originally created to help pharma with their marketing of drugs so they could see which doctors were prescribing what medications and target physicians to increase sales, but now that we have found a beneficial use for the information, such as importing into a personal health record, can we please think about some HIPAA privacy issues here so our medication rap sheets are not for sale? Those are my thoughts on the matter and maybe the entire HIPAA policy should be totally rewritten and we could start fresh. When it comes to privacy I see this as a bigger area of concern rather than worrying about Google and Microsoft at this point; again, they protect the enterprise and the government security standards don’t get much higher than that. BD
Prescription Data Used To Assess Consumers - No Privacy Unless You Pay Cash...
Prescriptions risk score used to deny health insurance
Although Google and Microsoft have gotten plenty of attention for their Web-based personal health records, both companies have long maintained that they’re not bound by the privacy protections of a 1996 federal law known as HIPAA. And despite a recent HIPAA change — one intended to extend its privacy provisions to services like Google Health and Microsoft’s HealthVault — both companies still insist they’re not bound by the law.
Those HIPAA changes came courtesy of the American Recovery and Reinvestment Act of 2009, also known as the economic stimulus law. One provision ostensibly makes third-party data repositories, personal health records and health information networks into business partners of care providers and health plans, requiring them to follow the same rules as everyone else.
If a company wants to act like the law doesn’t apply to its stewardship of patient data, why exactly would anyone entrust that company with their personal health information?