Does HIPAA Need a Makeover?


HIPAA has been a magnet for discussion since the beginning. Whether you view the law as a protection for patients or unnecessary regulation, it is easy to agree that a lot has changed since the law was first signed. And now, those changes – including the impacts of COVID-19 and advancements in technology – may mean it is time to revisit HIPAA and catch it up to the times.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to establish national standards to protect patient health information from being disclosed without the patient’s consent or knowledge.

Understanding and Applying the Law

In the beginning, many questions about HIPAA involved the application of the law. These situations often came with stories.

  • A child calls the hospital to check on her mother and cannot get information from the doctors.
  • Churches stop sharing the names of sick members in their bulletins because they are afraid of disseminating protected health information (PHI).

With changes like advancements in technology, the switch to electronic medical records, and a global pandemic, more questions are being raised.

How Can HIPAA Keep Up with Technology?

There would have been no way to predict the advancements in technology that have taken place since HIPAA was signed. In 1996, AOL was a popular dial-up Internet provider. The iPhone was not even on the market. Google did not exist.

Now, health care presents a business opportunity for technology. Google is working with the second largest hospital system in the US to store and analyze the data of millions of patients. Apple, Amazon, and Microsoft are advancing technology in the market as well.

Meanwhile, developers have created health tracking apps with amazing capabilities to help patients monitor their health and share the information with providers. These apps track everything from blood sugar to blood pressure to heart rate. But, if the app is created by a third-party developer, the health information collected is not covered by HIPAA. In fact, the Department of Health and Human Services reported that most health apps are not covered by HIPAA.

How Should Electronic Medical Records be Protected?

The move to electronic medical records has raised new questions. Recently, the administration passed a rule to allow patients to download their medical records to any computer, smartphone, and app they choose. However, once a patient downloads the information, it is no longer protected by HIPAA.

How Does the Pandemic Impact HIPAA?

COVID-19 precipitated changes we could not anticipate and exposed weaknesses we did not know existed.

  • In the wake of the first wave of the virus, the Department of Health and Human Services announced it would not penalize providers for disclosing PHI if it were for the benefit of public health.
  • At the same time, the number of employees working remotely skyrocketed.

Are these changes lasting? What do they mean for the protection of PHI?

How can health care employees get answers when they have questions about HIPAA?

Communication with the organization’s Compliance Officer is key.

  • Ask questions when you encounter new circumstances or have questions about application of the law.
  • Revisit the law and your company’s rules to ensure common-sense compliance.
  • Raise a red flag when you encounter situations that may put PHI at risk.
  • Educate members about their PHI.