A recent Bipartisan Policy Center report, titled “A Policy Forum on the Use of Big Data in Health Care“, suggests that HIPAA is a burden on healthcare organizations that are trying to innovate and maximize the value of patient big data. But how likely are changes to HIPAA and what should healthcare focus on in the near future to use big data in a private, secure manner?
The Bipartisan Policy Center maintains that HIPAA is stifling organizations from moving data around in a meaningful way because the federal regulation is “misunderstood, misapplied, and over-applied”. For the healthcare industry to truly allow connectivity, the Bipartisan Policy Center maintains that HIPAA should be applied in narrower ways that allow more of a balance between innovation and patient privacy. It also criticized the fact that HIPAA specifies how data should be de-identified, but there is considerable variability in the practice of anonymization and no existing standards to govern it. And some data, such as genomic data, may not be easy to anonymize.
Trust plays a critical role in the use of big data and data governance is needed. The use of big data in health care typically requires the multiple organizations in which various data sets reside to work together and negotiate agreed-upon policies and technical methods for information sharing based on trust. Fair information practices can be leveraged to support common policies for information sharing. Robust security also plays a role in building trust.
For those concerned about privacy and security, the report maintains that the use of multilayered approaches, combined with other safeguards—such as encryption, tokenization, and access controls—can play a critical role in addressing those risks, enabling sharing of data, and supporting research that requires more than fully de-identified data.
“If institutions don’t have a way to connect and trust one another with respect to the data that they each have stewardship over, we won’t have the environment that we need to improve health and health care,” said Deven McGraw, Center for Democracy and Technology.
There does appear to be some validity to Bipartisan Policy Center report’s argument regarding big data innovation. Removing data from silos is a critical long-term goal in healthcare that must be done to make the most out of patient data. But at the same time, healthcare privacy and security concerns are well-founded and very real and the transition to moveable data should happen without great consideration and thought. There’s a reason HIPAA was enacted: To protect patients and their data. How well technology wraps around those laws will likely be what to watch for in the short-term, not whether there will be another HIPAA overhaul.
Related White Papers:
VIVA Health Securely Transfers Data, Demonstrates Regulatory Compliance, and Automates Manual TasksGartner Report: Responding to Unpopular HIPAA Disclosure RequirementsHow Rochester General Transfered Medical Records and Meet HIPAA/HITECH ComplianceGartner Report: As HIPAA Regulations Get Teeth, Healthcare Firms Feel The BiteHow Healthcare IT Is Securing Innovative Patient CareBrowse all White Papers
Health big data privacy v. innovation: Expert observationsStates compromise patient data privacy with research salesPatient privacy, consent considerations for health big dataKeeping up with health big data de-identification standardsBig data implications for health data security, privacy
Original post –