A call to revamp HIPAA

Share this article:

The Health Insurance Portability and Accountability Act (HIPAA) is inadequate for protecting privacy and also stymies research, as access to patient health information is vital for making medical advances, according to a new report from the National Academy of Sciences' Institute of Medicine (IOM).

The report, titled “Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research,” suggests that privacy protection in research should not be governed by current HIPAA privacy rules. Rather, a new approach should be tried, one involving improved privacy, data security and accountability standards for all health research, regardless of who pays for it or conducts the research.

“We believe there is synergy between the goals of safeguarding privacy and enhancing health research and that it is critically important to our nation's health to strengthen privacy protections and still facilitate research," said Lawrence Gostin, professor of law at Georgetown University in Washington, D.C., in a statement. "Our recommendations aim to boost regulations and practices that effectively protect personally identifiable health information, while changing provisions of the HIPAA Privacy Rule or its interpretations that have proved to be ineffective."

The IOM report recommends that Congress authorize the U.S. Department of Health and Human Services and other relevant federal agencies to develop a unique framework applicable to all health research in the United States, apart from the HIPAA rules.

In addition, the report urges all institutions conducting health research to strengthen their data protection. Security breaches are a growing concern as the United States shifts to building health information systems and databases. Among other recommendations, the IOM also said that encryption should be required for all laptops, flash drives, and other portable media containing health records.

Share this article:

Next Article in News

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.