HHS: HIPAA limited in age of mHealth, social media and wearables
The U.S. Department of Health and Human Services issued a report to Congress wherein it stated that HIPAA serves traditional healthcare well and continues to support national priorities for interoperable health information with its media-neutral privacy rule, but that the scope of HIPAA is limited.
“The health information marketplace of 2016 is filled with technology that enables individuals to be more engaged in managing their own health outside of the traditional healthcare sphere than ever before,” according to the 32-page report. “The wearable fitness trackers, social media sites where individuals share health information through specific social networks, and other technologies that are common today did not exist when Congress enacted the Health Insurance Portability and Accountability Act of 1996.”
HHS characterizes gaps in health data security, patient privacy concerns, and health IT that can potentially aid in protecting patients and their information. The report pays special attention to mobile health and social media issues.
“It applies only to organizations known as ‘covered entities,’ health plans, healthcare clearinghouses and healthcare providers conducting certain electronic transactions, and their ‘business associates,’ persons or entities that perform certain functions or activities involving the use or disclosure of individually identifiable health information on behalf of or in providing services to covered entities,” the report noted. “Today, in addition to these traditional healthcare organizations, scores of new businesses that collect, handle, analyze and disclose health information about individuals have emerged.”
HHS had three goals in its report to Congress: analyze the scope of privacy and security protections of an individual’s health information for these new and emerging technology products not regulated by HIPAA., identify key gaps that exist between HIPAA-regulated entities and those not regulated, and recommend addressing those gaps in a way that protects consumers while leveling the playing field for innovators inside and outside of HIPAA.
Large gaps in policies around access, security and privacy continue, and confusion persists among both consumers and technology makers, the HHS report said.
“Wearable fitness trackers, health social media and mobile health apps are premised on the idea of consumer engagement,” HHS said. “However, our laws and regulations have not kept pace with these new technologies. This report identifies the lack of clear guidance around consumer access to, and privacy and security of, health information collected, shared and used by [entities not covered by HIPAA].”