GovInfoSecurity reports that a piece of legislation with possible consequences for HIPAA has been unanimously passed by the House Committee on Energy and Commerce. The bill would remove the need for patient authorization in cases of protected health information (PHI) disclosure under certain circumstances involving medical research. Though the bill has yet to appear in the Senate, the implications could require revision of medical practices and reconsideration of behaviors that would result in HIPAA violations.
The bill doesn't just remove these checks against personal data use: According to the source, it would also create new penalties for EHR vendors and set the framework for penalizing institutions that block health data sharing.
However, the PHI regulations carry the most contentious possible condition. The possible benefits to medical device and treatment programs that increased availability of information on the one hand is balanced against the risks of lower patient involvement in cases that use their data.
In an article for HealthcareITNews, John Halamka discussed the information-blocking aspect of this legislation, examining the market consequences of the research.
"As written, the information blocking language will result in some vendors lobbying in new political forums (Federal Trade Commission and Inspector General) to investigate every instance where they are getting beaten in the market by other vendors," he said. "The criteria are not objective and will be unenforceable except in the most egregious cases, which none of us have ever experienced."
Halamka outlines other possible steps to promote interoperability through this bill, including reducing the number of ONC projects in progress at any given time and creating a more stable and consistent approach to health security.
Working with specialists in HIPAA compliance services will let practices address their own compliance issues and prepare for changes in legislation.