Privacy laws are the government's answer to identity theft. The laws are sometimes poorly worded, leaving them vague and open to interpretation. So it's not a perfect system, but it's better than nothing.
If you own or manage a company, compliance with those laws are very important to your ability to do business. In Cincinnati, OH a small landscaping company, with 14 employees was closed for violations of the HIPAA law. Although most Americans that know of HIPAA believe it deals only with doctors and hospitals, it actually covers medical information, regardless of who is keeping it.
It doesn't matter whether or not you own a company, though. It's always a good idea to know what laws deal with your personal information, because if you become a victim of identity theft, you'll be running into them.
Healthcare Gets a HITECH Makeover
The Health Information Technology for Economic and Clinical Health (HITECH) act went into effect Feb 17th, 2010. The Ways and Means Committee created this overview (PDF) which gives a brief summary of the act.
- Concerning health information, HITECH requires:
- Establishing a Federal breach notification requirement;
- Expanding the scope of the law to start covering companies and insurers that need access to that information;
- Allowing patients to see where their health information has gone electronically;
- Shutting down companies that "mine" health information for sale;
- Requiring health providers to get permission to use your health information for marketing or fundraising (OK, honestly, who knew this was being done?);
- Giving current privacy laws sharper teeth in the penalties department
These are important because the government expects 90% of doctors and 70% of hospitals will be working with digital records in the next decade. When the credit industry started moving paper records to digital, consumers found errors in their records more often than not. To be fair, some of that may have been due to transcription errors, we just don't know. But medical records are a whole new league, and tighter controls must be in place.
The government is stepping up to the plate, too. "They" are required to develop the guidelines this year for a national healthcare data exchange, and funding it with $20 billion dollars.
HITECH is part of the big picture with the healthcare reform. To be effective, the government must have complete access to our medical and financial information. This upset a lot of Americans, but the bill was passed before this sort of information became widely known. The pursuit is a noble one, to reduce medical errors and duplicate efforts, and possibly improve quality of care and care coordination.
Unfortunately, the largest data breaches were within the government as well. The VA data breach affected veterans and their families from 1975 on – all told, over 26.5 million citizens. Then came the announcement that there had been two previous data breaches that were not reported in the past 12 months. And while the public still had this fresh in their mind, another server was stolen from a subcontractor that had insurance (i.e. personal medical) information stored on it.
Other agencies have been prone to data breaches, the FBI, Department of Transportation, even the Justice Department. In fact the Government Accountability Office (GAO) has made congress officially aware of the problem. HITECH aims to close the gap, but it would be fair to say the law has skeptics.
