Health Data Outside HIPAA: Simply Extending HIPAA Would Be a #FAIL

In summary:

- HIPAA's rules were not designed to address privacy risks introduced by widespread personal information collection and use in the modern digital ecosystem.
- HIPAA's rules were designed to support information flows within the health care system and to allow broad uses and disclosures of data by both covered entities and business associates without the need to obtain patient consent.
- HIPAA is leaky: it expressly allows covered entities and business associates to share data outside of HIPAA, including selling de-identified data, without patient consent.
- HIPAA's rules protect data, but they also protect incumbents' interests in controlling health data.
- Ultimately, Congressional action is needed to establish meaningful privacy protections for personal data.

