Report finds HIPAA hindering data usage
Overly strict compliance with HIPAA threatens patient safety and quality of care, according to a report from the Bipartisan Policy Center in Washington, DC.
When the think tank released the report, Esther Dyson, chairwoman of the group’s Health Initiative Coordinating Council, endorsed the findings. "The problem with HIPAA is [that] it was applied much too broadly, and to be candid, it was often used as an excuse not to move data around," Dyson said.
Concerns about privacy and security are sometimes cited as barriers to further progress on the use and exchange of data, the report notes. While HIPAA is designed to safeguard patient privacy, it is often misunderstood, misapplied, and over-applied in ways that might inhibit information sharing unnecessarily, it says. "Additionally, a great deal of data about individuals falls outside the purview of HIPAA, such as consumer-generated data that might be posted on social networks, stored in apps, or shared through other online sources," the authors wrote. "HIPAA specifies how data should be de-identified, but there is considerable variability in the practice of anonymization and no existing standards to govern it. Additionally, some data, such as genomic data, is difficult to adequately anonymize."
Seeking consent from patients to use their data for clinical trials or observational research can help mitigate concerns about privacy, but there is evidence that using "opt-in" or "opt-out" patient data results in bias, the report says. "Robust security also plays a role in building trust," the report adds. "The use of multilayered approaches, combined with other safeguards — such as encryption, tokenization, and access controls — can play a critical role in addressing privacy and security risks, enabling sharing of data, and supporting research that requires more than fully de-identified data."
The full report is available online at http://tinyurl.com/ld54qmp.
