HealthBlawg

David Harlow's Health Care Law Blog


HIPAA for Web and Mobile Developers and Designers (and for everyone, The Data Map)

May 15, 2014

I spoke at the HxRefactored conference in Brooklyn this week. The title of my talk was Dancing with HIPAA and it was intended as an introduction to health care data privacy and security regulations, practical concerns and — most important — practical solutions to privacy and security issues whether subject to HIPAA or not. Many issues for this audience will be triggered by data not gleaned from a health record maintained by a health care provider or payor. Instead, such data may be released by an individual (and therefore no longer covered by HIPAA) and mashed up with data feeds from personal trackers and manually inputted data, put through a health behavior modification recommendation engine, and — voila! — behavior change recommendations are delivered to an individual. In this context, the health data is being held in a special-purpose PHR, not an EHR, so HIPAA rules don't apply and therefore OCR enforcement should not be of concern — though the FTC breach notification rules apply and, as we know, the FTC asserts broad parallel jurisdiction to enforce HIPAA as well.

Here are my slides:

 

Dancing With HIPAA (HxRefactored 2014) by David Harlow

Embedded in the presentation is a fascinating web page posted by the Data Map at Harvard. (Shout out and thank you to Latanya Sweeney, on leave from Harvard to serve as CTO of the FTC. Hat tip to Jane Sarasohn-Kahn for tweeting a link last week.) A screen shot from this site is used at the top of this post. Digging deeper through this resource is a fascinating and rewarding exercise. It describes itself as

an online portal for documenting flows of personal data. It tells you where your data goes. The goal is to produce a detailed description of personal data flows in the United States. The effort started with health data and is expanding to other kinds of personal data.

Check it out.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting


Filed Under: Digital Health, FDA, FTC, Health 2.0, Health care policy, Health Law, HIPAA, mHealth, OCR, ONC, PHR, Privacy, Security

Copyright © 2006–2025
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.