Health: Privacy and an Obsolete Law

The Story:

The health care industry in the last two decades, in the US and elsewhere, has shifted away from paper records in manila folders toward digital and online records and record keeping. This raises privacy returns, and it has rendered obsolete the last big effort of America’s legislators to address privacy in the field, the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Significance:

One of the purposes of HIPAA was, precisely, to give patients control over their own private health and health care information. But HIPAA approached this by listing certain “covered entities” and then regulating what they and their subcontractors could do with individual identifiable health data. Information generated by the patients themselves was deliberately left out of this coverage. And information aggregated by online algorithms was not a concern in 1996.

In Pill Form:

Consider one great example of the obsolescence of the system. Ovia is a fertility and pregnancy app. It collects data from users/patients on highly private matters (sexual activity and menstrual cycles) and provides that data in de-individualized aggregated form to health providers to aid in their decision making. But no HIPAA defined “covered entity” is involved in the collection or management of this information, so the system may raise grave privacy risks that the law simply ignores.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.