What the newly proposed Health Data Use and Privacy Commission Act means to you

HIPAA amendment incentivizes cybersecurity best practices

Two U.S. Senators recently introduced the Health Data Use and Privacy Commission Act. The new legislation aims to modernize health data privacy laws such as HIPAA.

The U.S. Health and Human Services (HHS) enacted the Health Insurance Portability and Accountability Act of 1996 to protect the rights and privacy of patients. And while updates occur, none so far effectively address emerging technologies.

A new update to HIPAA can only be beneficial for healthcare covered entities and their patients, especially because an important facet of HIPAA is safeguarding patients’ protected health information (PHI), something that must match the technological advances being made today.

A HIPAA refresher

HIPAA protects the rights and privacy of patients and combats fraud and abuse related to PHI.

HHS’ Office for Civil Rights regulates and enforces the act, which consists of five sections (or titles). Most referenced is Title II as it sets the policies and procedures for safeguarding PHI, whether in paper or electronic (ePHI) form.

Updates to Title II include:

Understanding and implementing these guidelines is fundamental to avoiding breaches and HIPAA violations and properly reporting problems.

The Health Data Use and Privacy Commission Act

Introduced by U.S. Senators Tammy Baldwin (D-WI) and Dr. Bill Cassidy (R-LA), the Health Data Use and Privacy Commission Act brings HIPAA up to speed.

In the 25 years since HIPAA was enacted, the healthcare industry has welcomed technological innovations.

Unfortunately, the existing legislation does not fully address emerging technologies, including smart or IoT (Internet of Things) devices (e.g., medical IoT devices) as well as cloud technology.

Baldwin and Cassidy’s act establishes a commission to review existing PHI protections and current use and disclosure practices. The commission will draft recommendations and conclusions and convey its findings to Congress and the President within six months.

The final report should address:

  • Potential threats to individual privacy and business/policy interests
  • The purpose of some PHI use and disclosure
  • The effectiveness of existing legislation
  • Suggestions on reforming current laws and regulations
  • Costs and burdens of making updates
  • Possible non-legislative solutions
  • A review of third-party compliance requirements

According to Cassidy in a press release, “As a doctor, the potential of new technology to improve patient care seems limitless. But Americans must be able to trust that their personal health data is protected if this technology can meet its full potential.”

Why is a HIPAA update helpful?

Today, covered entities rely heavily on technology for day-to-day and critical operations. Sometimes this means using outdated systems while other times this means using innovative, new devices.

The HIPAA Security Rule and HITECH Act support the use of new technologies, but as the Senators contend, HIPAA misses the mark on providing advanced technological guidance. Updating the legislation, therefore, should:

  • Provide covered entities with more support
  • Suggest other methods to stop breaches and keep PHI from being stolen
  • Aid the increased reliance on technology

This commission will start the process by providing additional guidance and clarification, something that industry leaders say healthcare organizations need and want:

Providers, health plans, and other covered entities and their business associates covered by the Privacy Rule as well as the patients they serve need clarity and consistency in health data privacy and use rules.

Email security is as relevant as ever

One aspect of HIPAA cybersecurity that won’t change is the need for email security. That is because HIPAA compliant email provides a solid communication method for strong patient engagement.

Paubox Email Suite provides needed email protections because our HITRUST CSF certified solution encrypts all outbound email.

Even better, employees can send these emails directly from an existing email platform (e.g., Microsoft 365 or Google Workspace) with no hassle.

Technology can improve healthcare, especially when fortified by strong legislation. As Cassidy reiterates in the press release, “HIPAA must be updated for the modern-day. This legislation starts this process on a pathway to make sure it is done right.”

About the author

Kapua Iao
