HIPAA was enacted in 1996, nearly two decades ago. Dan Orenstein, senior vice president and general counsel of athenahealth, thinks it's time the law was updated.
Here are three thoughts from a Forbes article written by Mr. Orenstein.
1. Technology has changed since 1996. "Technology has changed dramatically; 1996, when the rules were created, occurred before the modern Internet took root in our everyday lives. Additionally, social networks, the cloud, and mobile computing platforms did not exist. The world of today, technologically speaking, barely resembles the world of 1996. HIPAA, however, has not changed."
2. What about patient control? "HIPAA limits patient control over their information to consents and written authorizations that apply in only limited circumstances and usually to one organization. HIPAA recognizes no mechanism that would give patients broad consent and control capabilities across the care delivery continuum."
3. Revising HIPAA could reduce waste. "A clear HIPAA pathway could enable patient consent and preferences to be administered centrally by qualified organizations that help coordinate health information exchange. This would eliminate a lot of waste and confusion while giving patients a much higher-level of visibility into, and control over, how their information is used and where it goes than HIPAA currently allows."