The latest in a long list of rules that constrain health IT development are the HIPAA/HITECH regulations. (Read all about them here on HealthBlawg.) The Federales begin enforcing these regs on September 23, 2013.
HIPAA was not intended to make things worse, but the rules can lead organizations to be very conservative in their actions.
If patients want to use email, standard SMS, non-HIPAA-compliant consumer device data, or applications that run on the cloud, they should be able to. Fortunately, there is a way to make this possible.
The object of the Hacking HIPAA project is to create crowdfunded legal forms based on crowdsourced ideas from the Health IT developer community as well as the health care provider and more traditional health IT communities.
We begin with the development of a Common Notice of Privacy Practices, to give patients the ability to easily opt in to levels of security and privacy with which they are comfortable (e.g., Text me! Email me! Build cloud-based apps that help me!), even if those levels differ from the baseline standards that apply under HIPAA/HITECH unless modified with patient consent.
Ian says, “What we're looking for in this project are new tools that allow us to be more nimble while still protecting privacy [and taking advantage of innovative technologies as] we're accustomed to in every other sphere of our life.”
As Fred notes, “Health care providers are making decisions — not based on what's good for the patient, but what they view as complying with the law and convenient.”
Check out the intro video on the Hacking HIPAA page on Medstartr, and join the project there.
The project is the subject of a GigaOM story posted last week, Emailing your doctor: would you choose convenience over privacy?