Two U.S. Senators recently introduced the Health Data Use and Privacy Commission Act. The new legislation aims at modernizing health data privacy laws such as HIPAA. The U.S. Health and Human Services (HHS) enacted the Health Insurance Portability and Accountability Act of 1996 to protect the rights and privacy of patients.
While updates occur, none so far effectively addresses emerging technologies. A new update to HIPAA can only be beneficial for healthcare covered entities and their patients, especially because an important facet of HIPAA is safeguarding patients’ protected health information (PHI), something that must match the technological advances being made today.
A HIPAA refresher
HIPAA protects the rights and privacy of patients and combats fraud and abuse related to PHI.
HHS’ Office for Civil Rights regulates and enforces the act, which consists of five sections (or titles). Most referenced is Title II, as it sets the policies and procedures for safeguarding PHI, whether in paper or electronic (ePHI) form. Updates to Title II include:
- Privacy Rule (2003) – provides guidelines on PHI use and disclosure
- Security Rule (2005) – sets necessary safeguards to protect ePHI
- Enforcement Rule (2006) – sets the standards of enforcing HIPAA
- HITECH Act (2009) – promotes the adoption and meaningful use of technology
- Breach Notification Rule (2009) – requires healthcare providers to report data breaches
- Final Omnibus Rule (2013) – incorporates HITECH further by improving privacy protections
Understanding and implementing these guidelines is fundamental to avoiding breaches and HIPAA violations and properly reporting problems.
The Health Data Use and Privacy Commission Act
Introduced by U.S. Senators Tammy Baldwin (D-WI) and Dr. Bill Cassidy (R-LA), the Health Data Use and Privacy Commission Act brings HIPAA up to speed. In the 25 years since HIPAA was enacted, the healthcare industry has welcomed technological innovations.
Unfortunately, the existing legislation does not fully address emerging technologies, including smart or IoT (Internet of Things) devices (e.g., medical IoTs) as well as cloud technology.
Baldwin and Cassidy’s act establishes a commission to review existing PHI protections and current use and disclosure practices. The commission will draft recommendations and conclusions and convey its findings to Congress and the President within six months.
The final report should address:
- Potential threats to individual privacy and business/policy interests
- The purpose of some PHI use and disclosure
- The effectiveness of existing legislation
- Suggestions on reforming current laws and regulations
- Costs and burdens of making updates
- Possible non-legislative solutions
- A review of third-party compliance requirements
According to Cassidy in a press release, “As a doctor, the potential of new technology to improve patient care seems limitless. But Americans must be able to trust that their personal health data is protected if this technology can meet its full potential.”
Why is a HIPAA update helpful?
Today, covered entities rely heavily on technology for day-to-day and critical operations. Sometimes this means using outdated systems while other times this means using innovative, new devices.
The HIPAA Security Rule and HITECH Act support the use of new technologies, but as the Senators contend, HIPAA misses the mark on providing advanced technological guidance. Updating the legislation, therefore, should:
- Provide covered entities with more support
- Suggest other methods to stop breaches and keep PHI from being stolen
- Aid the increased reliance on technology
This commission will start the process by providing additional guidance and clarification, something that industry leaders say healthcare organizations need and want:
Providers, health plans, and other covered entities and their business associates covered by the Privacy Rule as well as the patients they serve need clarity and consistency in health data privacy and use rules.
Email security is as relevant as ever
One aspect of HIPAA cybersecurity that won’t change is the need for email security. That is because HIPAA compliant email provides a solid communication method for strong patient engagement.
Paubox Email Suite provides needed email protections because our HITRUST CSF certified solution encrypts all outbound email. Even better, employees can send these emails directly from an existing email platform (e.g., Microsoft 365 or Google Workspace) with no hassle.
Technology can improve healthcare, especially when fortified by strong legislation. As Cassidy reiterates in the press release, “HIPAA must be updated for the modern-day. This legislation starts this process on a pathway to make sure it is done right.”