The Health Insurance Portability and Accountability Act of 1996 (#HIPAA) is a fairly large bill that does a lot of stuff, including serving as the authority for what's known as the "Privacy Rule" – the Privacy Rule is the federal regulation we're all concerned about 1/ https://twitter.com/KatalinaGatinha/status/1199537101106286592
The Privacy Rule is a regulation found in the Code of Federal Regulations (at Title 45, parts 160, 162 & 164).

Regulations can be changed via executive authority – you know those questions that ask Democratic candidates something like 2/
"A Republican Congress won't work with you, so what would you do as president using just your executive authority to accomplish your goals?"

Changing federal regulations is one of the major tools of executive authority they're talking about 3/
What would I like to see the next Democratic POTUS do with that authority?

Strengthen privacy protections, strengthen patient control over who does and does not have access to our intimate medical information, strengthen public education and enforcement efforts. /4
When I give permission to my GI doc, a person who I've known for a decade, a person I trust with my life, to collect sensitive medical information with me, that permission shouldn't extend to Google or Facebook. But under the current regulatory regime? It does. 7/
And I want to be clear, my GI doc hasn't done anything wrong. She's employed by a very large, very prestigious academic medical center.

That academic medical center uses an "electronic health record" product from a company called EPIC. 8/
Why does the hospital I go to use an electronic health record (EHR) from EPIC?

In '09, President Obama signed the American Recovery & Reinvestment Act into law

ARRA was about more than just 'cash for clunkers' – it also contained something called the 'HITECH Act' 10/
The Health Information Technology for Economic & Clinical Health Act was meant to 'promote the adoption & meaningful use of health information technology' – mostly EHRs. Basically, the feds provided financial incentive$ to HCPs for adopting EHRs – and later, penaltie$ for not /11
EHRs were seen as a tool to make medical care better & safer for patients. Instead of filling out a clipboard full of forms at each & every apt, instead of being told tests would have to be repeated because your rheumatologist didn't get results from your PCP's office /12
instead of having to drive to the hospital & sign out the x-ray films & hand carry them to the ortho office yourself – EHRs were meant to take care of all that. A definitive repository of all clinical info about you that your care team would have access to wherever you were /13
...would cut down on preventable medical errors. No more medication errors because the patient in ED bay 2 said he's on dexamethasone when he was really on dexmedetomidine, no more exposing pt's to unnecessary ionizing radiation to repeat imaging etc. /14
but, as I will keep saying until the day I die, healthcare is complicated & the details matter; they're literally life & death

The implementation/rollout of the HITECH Act didn't go spectacularly well. We've ended up with the worst of what EHRs can be; see, e.g., @EPICEMRparody /15
And these EHRs have an enormous amount of data in them, sensitive, intimate data. Centralized. Computerized. And now, commodified. By Google and Facebook.

HIPAA and the agency charged with enforcing it, HHS, have utterly failed to protect the privacy interests of patients. 16/
As we've seen this massive shift towards all health data being electronic, and hosted in these products controlled by malicious for-profit companies like EPIC, we've seen no meaningful, concomitant move to protect patient safety. /17
All while EHRs have caused, well, this:

18/ https://twitter.com/statnews/status/1191414907016753152
I'd increase enforcement of HIPAA. I don't know that the creation of a private right of action could be accomplished solely through regulation alone, so we'd likely continue to rely on the Office for Civil Rights in HHS (the office charged with enforcing HIPAA). 19/
OCR has, in my opinion, been derelict in their duty to safeguard the privacy of patients. I'd advise the next Democratic POTUS to appoint a stellar attorney with significant experience as a patient as head of OCR.

Significant. Experience. As. A. Patient. 20/
If my friend & colleague @GilmerHealthLaw wanted the job, I'd give it to her. If she didn't, I'd advise the administration to create a position in the office of the Secretary for Erin to serve as an internal watchdog for privacy enforcement. 21/
There is no lawyer whose opinion on HIPAA privacy matters I value more than @GilmerHealthLaw's.
Public education on HIPAA needs to be increased. How many of us have been told by a healthcare facility that something is impossible "because HIPAA"?

They're almost always lying. 23/