Patients currently don’t have any way to keep their personal information from being shared with third parties. The U.S. needs new medical privacy rules as the country moves toward greater use of IT to store health records, a group of health-care experts said Wednesday.
“Thousands” of databases that contain U.S. residents’ health records exist, and patients don’t have any way to keep their personal information from being shared with third parties, said Dr. Deborah Peel, a psychiatrist and founder of the Patient Privacy Rights Foundation. Private companies have been data-mining prescription records for years, she added.
The Health Insurance Portability and Accountability Act (HIPAA), passed by the U.S. Congress in 1996, sets security standards that health-care providers must follow, but the law leaves major gaps in privacy, Peel said at an electronic health-records privacy forum sponsored by public relations firm Dittus Communications.
HIPAA gave many organizations with ties to health-care vendors, including offshore transcription vendors, insurance brokers and credit bureaus, authorization to use health care-records, she said. “Because of this confusion that HIPAA engendered, data is being exchanged and used for reasons that have nothing to do with people getting well,” she said. “People think this is the wild west because of HIPAA, and every piece of data that’s not nailed down can be used for some other purpose.”