HIPAA Omnibus: Gaps In Privacy?

Patient Advocate Deborah Peel Explains Her Concerns

By , March 6, 2013.
HIPAA Omnibus: Gaps In Privacy?

Although the HIPAA Omnibus Rule is a step in the right direction for protecting health information, the regulation still leaves large privacy gaps, says patient advocate Deborah Peel, M.D.

"HIPAA Omnibus finally affirmed that states can pass laws that are tougher than HIPAA, and that's really good news because HIPAA is so full of flaws and defects that we are concerned that what is being built and funded will not be trusted by the pubic," Peel says in an interview with HealthcareInfoSecurity during the 2013 HIMSS Conference.

Peel also is pleased that the new rule clarifies that business associates and their subcontractors must be HIPAA-compliant. However, while business associates will need to keep a list of all their subcontractors, "covered entities [such as hospitals] and patients will never know who all these downstream users of their data are," she says. "This is a huge mistake."

In the interview, Peel also:

  • Discusses why she believes the rule doesn't go far enough in making sure that patients who pay cash for treatment can ensure that their health plans do not receive information about that treatment;
  • Explains why she wants the Department of Health and Human Services' Office for Civil Rights to issue guidance on how to protect patient data in cloud computing environments (see Cloud Computing: Security a Hurdle);
  • Announces a "health data map" project that her group, Patient Privacy Rights, has initiated with Harvard University to demonstrate where patient health data flows.

Peel, a practicing psychiatrist and psychoanalyst, is founder and chair of Patient Privacy Rights, an advocacy group.

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Medical Device Security: A Higher Profile

White House Cybersecurity Coordinator Michael Daniel says medical device manufacturers need to do a...

Latest Tweets and Mentions

ARTICLE Medical Device Security: A Higher Profile

White House Cybersecurity Coordinator Michael Daniel says medical device manufacturers need to do a...

The ISMG Network