New U.S. privacy act calls for extreme caution in globalizing the patient record

Washington DC 03 August 1999 Brian Taylor, who is Health care Information Consultant at CT Enterprises, underscores the dangers for the American health care providers which result from the new United States federal Health Insurance Portability and Accountability Act's security and privacy regulations and their potential impact on the globalization of the patient record. Under these regulations, the health care providers in the USA incur the risk to be held liable for any security or privacy violations, even in the case in which such violations occur abroad. Physicians and caretakers will not be allowed to ship patient records around the globe electronically without being certain that the recipient meets the HIPAA regulations for security and privacy.

Advertisement

Brian Taylor, who is Health care Information Consultant at CT Enterprises, underscores the dangers for the American health care providers which result from the new United States federal Health Insurance Portability and Accountability Act's security and privacy regulations and their potential impact on the globalization of the patient record. Under these regulations, the health care providers in the USA incur the risk to be held liable for any security or privacy violations, even in the case in which such violations occur abroad. Physicians and caretakers will not be allowed to ship patient records around the globe electronically without being certain that the recipient meets the HIPAA regulations for security and privacy.

The control over electronic medical records and the protection of both the privacy and integrity of these patient files have become a hot topic. According to the Health Insurance Portability and Accountability Act (HIPAA) of August 21st 1996, United States Congress has until August 21st 1999 to write legislation regulating medical information privacy. Otherwise, the Department of Health and Human Services (HHS) will be required to set the standards. Given the fact that the deadline set by the HIPAA may be too tight, Congress will most likely vote to extend the period for regulation.

According to Brian Taylor, the globalization of the patient record can take several forms. Not only can the record itself be globalized in terms of its distribution, but also in terms of its availability or ease of access and its preparation or processing. A good example of the latter is a fairly recent development in which medical transcriptionists in countries such as India, Pakistan, the Philippines, and Nairobi are being used to transcribe the dictation of American physicians. This obviously means that both the voice file (dictation) and the text file (transcription) are, for at least some period of time, outside the purview of the protections which are being implemented under the new U.S. privacy act known as HIPAA.

Given the economic value of patient records to various parties who have no legitimate right to such records, how long will it be before such records are available for sale in these countries, as Brian Taylor justly remarks. And what is more, how can any of the security and privacy provisions of HIPAA be verifiably implemented with the kind of certainty which the nature of patient records demands? And how will an American provider who engages an offshore firm which violates the provisions of HIPAA, be able to escape liability himself?

"As we globalize the patient record, we need to seriously consider the stream of processes which result in the record and ask ourselves where such processes might take the information beyond our control, and vulnerable to attack, to loss, or to misappropriation. We cannot negate the entire purpose of HIPAA by recklessly or negligently moving patient information beyond the scope of accountability", as Brian Taylor logically concludes.


Leslie Versweyveld

[Medical IT News][Calendar][Virtual Medical Worlds Community][News on Advanced IT]