Privacy issues still a concern
Readers expressed some concern, but not in overwhelming numbers, about several key changes in healthcare information privacy laws included in the American Recovery and Reinvestment Act of 2009, also called the stimulus law.
Asked whether the new federal ban on the sale of healthcare data in the stimulus law would impact their organization, an overwhelming majority (88%) responded that it would have no impact at all; another 10% indicated it would have a positive impact, while only 2% indicated a negative influence.
Readers responded in much the same way, but to a lesser degree, about the possible effects of extending privacy and security responsibilities and penalties under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, to business associates of their organizations. About 53% suggested there would be no impact, 23% indicated they thought there would be a negative impact and 24% a positive impact.
There were split decisions, however, on the effects of stiffer HIPAA penalties and a new, tough national breach notification requirement in the stimulus law.
Nearly half (47%) of respondents thought there would be no impact from stiffer penalties, but almost an equal percentage (43%) estimate it would have a negative effect. Another 10% say the stiffer penalties would be a good thing for their organizations.
Breach notification was the only question of the four in which a plurality of respondents indicated they foresaw negative consequences: 44% vs. the 42% that saw no impact and 14% who indicated a positive response.
“It sounds like everything is split down the middle, which I would take to mean that a lot of people are in pretty good shape, and others haven’t spent the money yet to do the right thing,” says Deborah Peel, a psychiatrist and founder of the Austin, Texas-based Patient Privacy Rights Foundation. “I’m surprised there weren’t more negatives, from the yowling and fear and loathing, that I hear at conferences.”