From: Modern Healthcare
By Joseph Conn
The HIPAA privacy and security framework could be broadened as Congress and several federal regulatory agencies outside of healthcare grapple with privacy and security concerns created by mobile and other newer technologies, a Washington privacy expert told members of the American Health Information Management Association on Wednesday.
“There are all kinds of companies gathering all kinds of health information and not having anything to do with HIPAA,” said Kirk Nahra, a lawyer with Wiley Rein, during a session on “Next Generation Privacy and Security Issues” at the AHIMA convention in Atlanta. “This is now the biggest hotspot for the government on privacy and security.”
In December 2000, the Clinton administration released the first privacy rule to the 1996 Health Insurance Portability and Accountability Act. A HIPAA security rule followed in February 2003.
“We certainly didn’t have mobile health care apps when the HIPAA security rule went into effect (in 2005),” Nahra said. Security breaches, both in healthcare and outside with commercial records, and
heightened federal attention to cybersecurity as a part of national defense are combining to put a spotlight on the privacy and security of all electronic records, he said.
The Federal Trade Commission, the FDA, as well as the Defense Department are getting further involved in the data privacy and security regulatory game.