Top Searches
April 13, 2009
| Digital Health Care > Issues > Lively Debate at HIPAA Summit at Harvard

Lively Debate at HIPAA Summit at Harvard


By Neil Versel

August 19, 2008 | CAMBRIDGE, Mass.—Are patient privacy rules effective? The answer is not a simple yes or no.

“It’s working, but it’s got a ways to go,” suggests William Braithwaite, chief medical officer of San Diego-based security and identity management company Anakam. He says that current federal and state privacy rules generally do not address new technologies such as mobile Internet access and personal health records (PHR) platforms.

Deborah Peel, founder and chair of Patient Privacy Rights and the affiliated Coalition for Patient Privacy, begs to differ. She says the August 2002 amendments to the original HIPAA privacy rule effectively eliminated the patient’s right to consent to the use of protected health information by adding permission to share such data for “treatment, payment, and health care operations.”

Braithwaite, known as “Doctor HIPAA” because he helped draft the rules last decade when he was a senior advisor on health-IT policy in the Department of Health and Human Services (HHS), and Peel were part of a lively roundtable discussion and debate Tuesday morning at the Sixteenth National HIPAA Summit and related Privacy Symposium on the Harvard University campus.

Joining them on the panel were Karen Grant, chief privacy officer at Partners Healthcare System in Boston, and Linda Sanches, senior advisor for HIPAA privacy outreach and training in the HHS Office for Civil Rights. Jodi Daniel, director of the Office of Policy and Research in the Office of the National Coordinator for Health Information Technology, participated via telephone.

Peel believes a stronger privacy law that requires patient consent could promote data exchange between health care entities that currently are wary of sharing information with competitors. “The consent tool can really enable regional data exchange,” says Peel, an Austin, Texas, psychiatrist.

“The person who can really move the data safely is in the consumer,” according to Peel. “We can be pinged on our cell phones if someone we don’t know wants access to our data.

Sanches says health care professionals and the public alike may mistakenly believe HIPAA enforcement has been lax because HHS has imposed few monetary penalties. “We see enforcement as the improvement of privacy activities among covered entities,” she says.

“That normally requires them to take drastic action,” Sanches says. She notes that people have been disciplined for taking unauthorized looks at the medical records of celebrities, such as the more than two dozen employees at Palisades Medical Center in New Jersey were suspended last year for peeking at the records of actor George Clooney.

But Peel says that health care organizations generally only take action when there is a high-profile breach such as with Clooney because electronic health records (EHRs) systems are set up to follow the HIPAA requirement that there be an audit trail of who viewed protected health information and when. EHRs, she argues, generally do not take proactive steps to prevent unauthorized access to specific records by people who have network passwords.

In fact, according to Peel, EHR vendors, which often are not covered entities under HIPAA, routinely aggregate and sell patient data without patient consent. “It is cheaper to have a consent-management tool than to search retroactively for needles in a haystack,” Peel says.

Braithwaite says it is unfair to blame vendors as a bunch because products and security protocols vary greatly. “You can’t make a blanket statement like that. It’s ridiculous,” he contends.

And so the debate continues.

Click here to log in.

0 Comments

Add Comment

Text Only 2000 character limit

Page 1 of 1
White Papers & Special Reports

Translational Research Briefing ON Report
Sponsored by GenoLogics

The varied collection of Bio-IT World articles and insights assembled in this Briefing ON examines:

  • The impact of integrating clinical data back into the research and development pipeline.
  • Using information gathered from physical samples, databases, and clinical trials to benefit the design and performance of future research.
Download the complimentary report


Reducing bottlenecks in GMP Laboratories
Sponsored by Waters
Significant time is spent conducting quality control (QC) testing and documenting QC results during the pharmaceutical manufacturing process. GMP regulations require maintaining documentation to ensure strict compliance with established SOP’s. Completing paper documents and ensuring their authenticity creates a bottleneck in the QC laboratory. Waters® NuGenesis® SDMS Intelligent Procedure Manager, an electronic SOP workflow & documentation system, addresses the predominately manual activities required to perform an analytical method. Cycle times are reduced up to 50-75% as compared to a traditional paper trail thereby boosting productivity and accuracy.
Download the white paper


Managed Innovation, Assured Compliance
Developing, executing and managing the transformation, analysis and submission of clinical research data with SAS® Drug Development
Sponsored by SAS
Get better products to market faster. Download this white paper to discover the top ten challenges facing life science executives and how to overcome them. See how SAS Drug Development transforms clinical data into true innovation.
Download the paper
More White Papers & Special Reports
Life Science Webcasts & Podcasts

Medidata Solutions

“What Will Drive Tomorrow’s Health Business Innovation: Technology, Standards or New Business Models?”

This podcast will discuss the current state of health business innovation, particularly around providing solutions for clinical trials and drug development. Executives from Medidata and SAS will address the following questions:

  • Does the health industry need more technology to drive business innovation?
  • How does the current state of industry standards impact the ability of technology to drive business innovation?
  • Is the lack of integration, inability to enter clean data or data privacy issues posing barriers to fully exploiting today’s technology?
  • Are standards and technology adoption hindered by misaligned business models?

Speakers: Glen de Vries, President of Medidata Solutions, and Jason Burke, Global Director of Health and Life Sciences Market Segments, SAS.

Download Now


More Podcasts

Job Openings


Biotechnology Information Management team
Seeks an individual to strategically lead and drive solutions for data management needs stemming from external scientific collaborations. MS in Biology, Bioinformatics, Computer Science, etc. required. Applications must be submitted at www.monsanto.com for consideration. Select req # mons-00010265. We offer very competitive salaries and an extensive benefits package. Monsanto values diversity and is an equal opportunity employer. M/F/D/V

Support Engineer
Titian leads the industry in the supply of software that empowers customers in the management of their scientific samples. Located in Hopkinton, Massachusetts, this position is responsible for the resolution of customer support issues. Candidates should hold a 4 year degree, have a technical background in software or research informatics, have 4+years of experience supporting data management and software solutions, and be proficient in C#.NET, VB6, PL/SQL, ASP. For additional information on this position and our company, visit our website at www.titian.co.uk. To apply, email resume and salary history to [email protected].

Related Resources & Products

Advanced BioFuels Summit
PEGS Summit
PEGS Summit
ADVANCED HIPAA: Myths and Current Best Practices in Clinical Research

For reprints and/or copyright permission, please contact The YGS Group, 1808 Colonial Village Lane, Lancaster, PA;

(717) 399-1900 ext. 125, or via email to [email protected].

Cambridge Healthtech Institute

  • 250 First Avenue, Suite 300
  • Needham MA 02494
  • phone: 781-972-5400
  • fax: 781-972-5425
  • [email protected]