HIPAA Revisited, Part 2: Seeking balance
If some people think health privacy protections don't go far enough while others think they're too restrictive, does that mean the government got it right? Probably not, but the experts agree they're a step in the right direction. Now it's time for some fine tuning.
Part 1 of this two-part series outlines concerns about the privacy of personal health information more than five years after medical and health care organizations covered by the Health Insurance Portability and Accountability Act (HIPAA). Part 2 examines some of the myths and misconceptions surrounding HIPAA, as well as the ramifications of the act and its effectiveness.
One of the common myths surrounding HIPAA is that it is not a privacy law at all, and that it weakened rather than strengthened individuals' rights to health information privacy.
That's not the case at all, according to Deven McGraw, recently appointed director of the Center for Democracy & Technology's Health Privacy Project.
"This is completely unfounded. Before the HIPAA Privacy Rule was enacted, there were no federal standards protecting the privacy and security of health information. Unless they were specifically limited by any applicable state law, doctors and hospitals who handled personal health information could do anything they wanted with it, subject to whatever consent form the patient signed.
