
Federal HIPAA Law Lags Behind New Tech - danso
https://www.propublica.org/article/privacy-not-included-federal-law-lags-behind-new-tech
======
jrapdx3
It's pretty obvious to tech-aware medical practitioners that the official
rules governing health information don't cover the full gamut of circumstances
clinicians deal with.

The article discusses certain genetic tests not directly ordered as medical
procedures, that is, "OTC" testing done for example by 23andMe, etc., that lack
HIPAA protections. In principle, this could result in health data being
misused, e.g., to profile ads geared toward the individual.

As well, genetic testing services marketed to providers (e.g., to identify
liver enzymes that clear medications from circulation) may fall into a gray
zone. I'm not sure about a range of non-standard nutritional or food allergy
tests on the market re: HIPAA compliance.

A big concern is the adequacy of EHR system security even if HIPAA rules are
followed. The numerous intrusions into health insurers and hospital systems
show the vulnerabilities that HIPAA doesn't really prevent. The threat of data
"leakage" makes clinicians wary about what info is recorded, and in private
conversations they tell me they often don't include "personally sensitive" info
in the record.

The opinion of these practitioners is that the convenience of EHR
"interoperability" will likely reduce the privacy protections HIPAA is supposed
to provide. Perhaps this expresses more about the state of system security in
general than about HIPAA deficiencies; nonetheless, HIPAA needs to be
strengthened to really keep health data private and out of the hands of
corporate or governmental exploitation.

------
chasb
HIPAA isn't even good at protecting the data it's intended to protect. The
Privacy Rule is decent, but the Security Rule is a pain in the butt, vague,
and lacks any decent official guidance.

------
aggieben
From my very surface-level experience with HIPAA, I'd say to just call the
whole thing off. All it does is make me irritated that medical providers send
me those stupid "secure email" messages - or worse, only accept fax.

------
cbd1984
Laws never cover everything. They can't. There isn't enough storage in the
world. That's why we have lawyers, judges, case law, and trials run by humans
and not machinery.

That's also why hospitals and other large organizations keep legal
representation on retainer: It's convenient to have someone you can ask the
thorny questions without getting an IANAL disclaimer prefixed to everything.

------
ch4s3
Yeah, HIPAA doesn't cover data provided by patients to businesses. Should it? I
don't know, probably.

