In response to recent data breaches, privacy advocates are calling for changes to medical privacy rules to allow patients to control who can access their medical records, but some argue that such a law would be difficult to enforce. Los Angeles Times, Healthcare IT News.
The federal Health Insurance Portability and Accountability Act of 1996 includes rules that govern medical privacy, but a recent legal opinion by the Justice Department concluded that the rules apply primarily to organizations — hospitals, health plans and physician offices — and only secondarily to individuals, who typically are implicated in privacy violations.
The California Department of Public Health has launched an investigation into the recent data breaches at UCLA Medical Center. If the probe finds privacy deficiencies at UCLA, the department can force the facility to create a plan of correction.
California would then review the plan and revisit the hospital to ensure the plan has been implemented, the Times reports (Alonso-Zaldivar, Los Angeles Times, 4/9).
UCLA Employee Revealed
Lawanda Jackson, the UCLA Medical Center employee who allegedly breached nearly 60 patients’ medical records, said on Tuesday that it was “just me being nosy,” the Times reports.
Jackson, an administrative specialist, could face criminal charges for violating HIPAA medical privacy rules (Ornstein, Los Angeles Times, 4/9).
Letter to the Editor
Deborah Peel, founder of Patient Privacy Rights, writes in a Healthcare IT News letter to the editor, “The abysmal security measure and non-existent consumer access control over personal data at the UCLA Medical Center and by the NIH are currently standard operating procedure for the entire health care industry.”
She adds, “The nation’s electronic health systems are neither safe nor secure, and consumers cannot stop their very valuable data from being snooped in, shared, misused, sold or stolen.”
According to Peel, the TRUST Act (HR 5442) “will do most of what is needed to restore our centuries-old legal and ethical standards to health privacy and control over personal health information” (Peel, Healthcare IT News, 4/9).