Keeping Data Safe in the Real World

Today, cloud computing, wireless mobile devices, implantable devices, and wearables are on the rise, but because of the rapidly changing healthcare climate, it remains unclear how to maintain privacy and security.

Joy Pritts, JD, the first Chief Privacy Officer at ONC and now a Health Information Privacy and Security Consultant, voiced her ideas on privacy and security issues at the Tech Council of Maryland’s www.mdtech.org health IT event held March 24, 2015.

She pointed out that laws related to privacy and security are not only out of date but insufficient to meet the needs of the health and medical community as many are clueless as to what is needed. We must do a better job of formulating rules and regulations so they apply to all the new technology on the horizon.

Often, public policy makers suggest more regulations, but the fact is that there needs to be a different set of rules for different industries, and furthermore regulations have to be specific to different geographic areas. For example, information generated in Europe as part of the EU requires different rules and regulations.

Today, healthcare providers have to abide by individual state laws, which means that providers that function in more than one state have to deal with a number of complicated issues related to state rules. For privacy and security regulations to really work efficiently, all states should treat the laws and regulations equally on specific issues across all jurisdictions.

It is also a fact that a high percentage of healthcare is no longer provided in the doctor’s office or in the hospital. Since a great deal of the care is provided at home or at some other care facility, today’s rules and regulations don’t always match what is needed to govern privacy and security in other health environments.

Pritts named several federal agencies involved in complex privacy and security issues:

  • The Office of Civil Rights www.hhs.gov/ocr within HHS enforces the HIPAA Privacy Rule to protect the privacy of individually identifiable health information
  • FDA www.fda.gov/MedicalDevices/default.htm is involved in the current state of medical device cybersecurity and cyber threats as they relate to medical devices
  • FTC www.ftc.gov has just announced that an Office of Technology Research and Investigation (OTRI) has been formed to study issues related to privacy, data security, algorithmic transparency, big data, and the Internet of Things
  • FCC www.ftc.gov, interested in privacy and security as it relates to communication networks, has recently joined the international Global Privacy Enforcement Network, a group of privacy regulators and enforcers

 

Pritts summed up by emphasizing the need for interagency actions but also for industry to participate in the discussions. All parties need to work effectively together to deal with the expected rapid growth of technology and data in the coming years.