The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 with the primary purpose of protecting the privacy rights of healthcare patients. You can read through some of our previous blog posts here at Allpoint Compliance to learn more about HIPAA and its implications, but it basically consists of several Rules, along with safeguards pertaining to those rules.
As HIPAA approaches its 20-year anniversary, however, some experts are saying its Privacy Rule needs to be updated. Of course, this only makes sense, considering the substantial changes in both healthcare and privacy that have occurred since the inception of HIPAA back in 1996. Doctors today are now using high-tech devices and cloud-based computing services to manage data, and even insurance companies – which are also considered covered entities – are storing data on networks.
In a recent article, Forbes discussed the issue by boldly saying that “it's time to modernize the HIPAA Privacy Rule.” Forbes notes that the HIPAA Rules were created before the advent and surge of the Internet. This means social media, cloud computing and mobile devices didn't even exist at the time – and therefore, the nuances of HIPAA aren't designed for modern-day healthcare practices.
“Technology has changed dramatically; 1996, when the rules were created, occurred before the modern Internet took root in our every day lives. Additionally, social networks, the cloud, and mobile computing computing platforms did not exist,” wrote Forbes. “The world of today, technologically speaking, barely resembles the world of 1996. HIPAA, however, has not changed.”
But it's important to note that HIPAA has undergone some changes since its inception nearly 20 years ago, including the Omnibus Rule. The Department of Health and Human Services (HHS) proposed the Omnibus Rule on July 14, 2010, with the intention of improving its existing Rules (including the HIPAA Privacy Rule). Among the changes made in HIPAA's Omnibus Rule includes expanding patients' rights to receive electronic copies of their healthcare information, and strengthening the limitations on the use and disclosure of PHI for marketing/fundraising purposes.
The Omnibus Rule still leaves some elements of healthcare privacy open for interpretation, which is why privacy advocates are pushing for a new and improved HIPAA Rule. Whether or not the HHS actually takes action to change the Privacy Rule, however, remains to be seen.