Feature

5 HIPAA myths in the digital age


 

Truth: Health professionals are obligated to provide copies of health information to patients and that includes electronic copies if practices have such technology. The electronic copy requirement was adopted in 2009 as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Despite the electronic amendment’s existence for nearly 10 years, Ms. Savage said she frequently hears from patients about the difficulty of obtaining health information and the extended time and high cost that come with requests.

“[Providing health information to patients] is an obligation,” Ms. Savage stressed. “A 21st century physician might want to be thinking about how to build on that obligation to really engage their patients in a partnership of care. If you give the patient the data, they can actually become a more valuable [participant] with you and engage in self-management.”

More information on HITECH and giving patients access to protected health information can be found here.

Truth: HIPAA is flexible and can adapt to newer technology more easily than many people think, Mr. Fisher says.

“[There is the perception] that HIPAA is archaic and does not fit with modern technology,” he said. “There are a lot of misplaced fears that digital tools cannot satisfy security requirements or will place data where they should not go.”

In actuality, many health care applications enable doctors to satisfy HIPAA requirements, while using updated technology. Secure email to send patients messages is one example, he said, as well as secure text messaging between providers.

At the same time, new technology can often assist health care privacy and advance security, Mr. Fisher noted. Technology solutions frequently automate routine tasks, such as auditing. Tools like machine learning and artificial intelligence can enhance security and catch up with attacker intelligence, he added.

“Technology should be viewed as a means of enhancing and expanding capabilities,” he said. “Using the auditing example, an individual really cannot adequately review all records or access points, but a program may be able to do so and begin to identify small trends that represent a security concern. From this perspective, the technology, as indicated, is about enhancing what can be done.”

Pages

Recommended Reading

To tame prescription prices, HHS dips a toe into drug importation stream
MDedge Rheumatology
Keeping the doctor-patient relationship at the office
MDedge Rheumatology
PhRMA spending leads health-sector lobbying efforts
MDedge Rheumatology
CMS proposal to level E/M payments raises concerns
MDedge Rheumatology
Some doctors are warming to single-payer medicine
MDedge Rheumatology
Ranked: State of the states’ health care
MDedge Rheumatology
Compounded topicals flagged on fears of Medicare fraud, risk
MDedge Rheumatology
Doctors decry inaction on physician-focused APMs
MDedge Rheumatology
CMS pushes ACOs to take on more risk
MDedge Rheumatology
Docs push back on step therapy in Medicare Advantage
MDedge Rheumatology