Obama health care plan said to boost security, privacy controls
Privacy advocates say $20B e-health proposal overcomes some HIPAA concerns
Computerworld - The electronic health records plan in President Barack Obama's $825 billion economic stimulus bill aims to boost security and privacy controls beyond those now required under the Health Insurance Portability and Accountability Act (HIPAA).
The Health Information Technology for Economic and Clinical Health Act (HITECH) initially provides $20 billion for the creation of a national electronic health records system that would fundamentally improve the manner in which health information is electronically created, accessed, stored, shared and controlled.
Health care security experts lauded the bill for upgrading HIPAA controls that security experts have criticized for years. Some did say they still fear that the improvements could be diluted at the request of health care lobbyists.
Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, called the bill's proposed ban on the sale of protected health information in electronic medical records and limitations on marketing such data a key upgrade over HIPAA.
The sale and use of personal health data by health care vendors and providers has long posed a strong threat to patient privacy, according to McGraw, who on Jan. 27 testified on health care privacy issues before the Senate Judiciary Committee. (download PDF)
"HIPAA's provisions for when a person's personal information can be used for marketing have never been very strong," McGraw said. "It has always allowed covered entities to use patient information to send communications that have been paid for by an outside marketing company." The new proposal would require covered entities such as hospitals and physician offices to, at a minimum, obtain the consent of the patient before using his information, she said.
Another big change is the requirement that all health care providers and others using health care data disclose in a timely manner any data breach involving the unauthorized acquisition, access, use or disclosure of protected patient health information, McGraw said. The new federal rule is similar to several state laws that require the prompt disclosure of the loss of financial data.
The HITECH bill would also hold business associates -- such as billing and medical transcription services -- to the same security and privacy standards as the controllers of health care data, noted Peter MacKoul, president of HIPAA Solutions LC, a consulting firm in Sugar Land, Texas. The new bill eliminates many of the loopholes that let providers bypass similar HIPAA restrictions, he added.
The bill also calls for steeper civil fines and penalties for third parties found to be negligent in protecting health care data, MacKoul said.
McGraw noted that the U.S. Department of Health and Human Services, which enforces HIPAA rules, has rarely fined health care firms for violations, despite "thousands of complaints" from patients. The HITECH bill, she said, requires that HHS imposes fines or other penalties on violators.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Red Hat Enterprise Linux - The Original Cloud Operating System
- Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse
- Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center
- Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper
- Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support... All Government IT White Papers
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- All Government IT Webcasts