This paper argues that HIPAA legislation has a severe flaw in its architecture, one that is severely compromising patient privacy. Although the drafters of the legislation recognized the importance of providing comprehensive privacy legislation at the federal level (to improve uniformity amongst states), they failed to recognize the important role that highly specific ("granular") technical requirements play in facilitating improved privacy for patients. This paper suggests that HIPAA rules surrounding technology implementation give too much latitude to covered entities. Consequently, the rules fail to provide adequate protection to protected health information. HIPAA rules should be amended to mandate granular baseline technical standards to ensure uniform efficacy in the safeguarding of protected health information. Until such time, Electronic Health Record (EHR) system vendors and service providers should exercise vigilance and institute a higher threshold of security and privacy practices when deploying systems into their environment.
- HIPAA 5010
- Healthcare Information Privacy
- Tim Wafa
- Electronic Health Record Security
- EHR Systems
- Internet Security
Available at: http://works.bepress.com/tim_wafa/2/