1 / 9

HIPAA: Then and Now

Explore the origins and evolution of HIPAA, its scope, and its relevance in today's digital age. Learn about the trade-offs between data use and privacy, and the need for updated regulations. Presented by Peter Swire from Georgia Tech Scheller College of Business and Alston & Bird LLP at IAPP Las Vegas 2015.

pferrante
Download Presentation

HIPAA: Then and Now

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Where Did HIPAA Come From?“HIPAA Then and Now” Peter Swire Georgia Tech Scheller College of Business Alston & Bird LLPIAPP-Las Vegas 2015

  2. Overview • Where did the HIPAA statute and regulation come from? • Why was its scope focused only on health care providers and insurers? • What were the trade-offs between data use and privacy in the original regulation? • Why is HIPAA starting to seem outdated today?

  3. Origins of Health Insurance Portability and Accountability Act of 1996 • 1996 Kennedy-Kassenbaum bill, to enable those with pre-existing conditions to keep health insurance. • “Portability” • Industry concern – that’s a burden! So, include “administrative simplification” – standardized, electronic payments from the feds. • Privacy concern – wait, electronic records and no privacy or security rules for health data! So, tell HHS to create regs if Congress doesn’t act by 1999. • The story as of 2003 at http://peterswire.net/medical-privacy/

  4. HIPAA Privacy Rule • Surprise! Congress couldn’t even get a privacy bill out of subcommittee. • Proposed Privacy Rule 1999, 53,000 public comments • Final Privacy Rule 2000 • President Bush enters 2001, decides to keep the Rule, with modest changes in 2002 • Compliance soon after • 2009 Recovery Act • HI-Tech: Enforcement powers clearer, including for business associates • Meaningful Use incentives mean (finally) shift to provider electronic records

  5. The Scope of HIPAA • The most important aspect of a regulatory regime: who/what is covered • If not covered, then you don’t care about all of those super-detailed rules and compliance problems • HIPAA had “administrative simplification” for providers and insurers who received payments from the US for Medicare, Medicaid, etc. • Therefore, if you are not part of that payments system, then no HIPAA requirements • E.g., any website or health app is outside the scope, unless it is part of a covered entity

  6. Dual Purposes of HIPAA • Data flows are essential to good health care, so don’t need patient consent for: • Treatment, Payment, and Health Care Operations • Medical research (if IRBs, de-identification, limited data set) • Other public purposes (required by law, court order, etc.) • Privacy is essential for patient trust and accurate interactions with medical personnel: • Psychotherapy notes • And, in general

  7. Fair Information Privacy Principles in HIPAA • Notice • Opt-in consent as baseline • Access and accounting • Data security • Minimum necessary • Accountability/enforcement

  8. Conclusion • In 1996, dominant holders of medical information were providers and insurers • HIPAA didn’t cover a book store that sold readings about cancer – should it apply to web sites and apps today? • Today, health care Big Data increasingly outside of the covered entities • In 1996, the alternative to HIPAA was to have no national health privacy rules, even as the health payment system became national and electronic • Today, HIPAA is well established in the covered entities • But, as our panel will discuss, covered entities are becoming a much smaller share of the data universe …

More Related