It seems the tension created by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have just been ratcheted up. The issue at hand is the balance between the HIPAA requirement to protect privacy and the HITECH demands that health information be shared among responsible parties for patient care purposes.
In an attempt to close any gaps between the two, the Department of Health and Human Services (DHHS) and the Office of Civil Rights have recently enacted the “final” four rules of the Health Insurance Portability and Accountability Act deemed the “omnibus” rule. The narrowing of this gap has produced a balance beam of regulation and penalty.
A FierceHealthcare article highlighting the fine line for regulated entities and their business associates quotes Todd Richardson, Vice President and CIO of Wausau, Wisconsin-based non-profit, community-directed health system Aspirus, Inc. Richardson states, “On one hand we have ‘protect, protect, protect’ and on the other hand we have ‘share, share, share.’ While the balance is ‘protect and share,’ the devil is always in the details.”
How exactly can you reveal protected private patient information and avoid potential penalties? It seems that to fall off either side would find that one has been left to work without a net!