HIPAA is nearly 25 years old. It was signed into law in 1996 by president Clinton. HIPAA is older than Netflix. It had several goals at the time of passing, but it is mostly known now as a compliance bar everyone has to get over when dealing with patient data.
“Is our email system HIPAA compliant?”
“Is our video conferencing HIPAA compliant?”
There are penalties if you violate HIPAA as well. We’ve all heard about the “$10,000 fine” for each HIPAA disclosure and there have been cases where that has happened.
For all the good HIPAA has done, it isn’t aging well and it’s time for an overhaul.
As we struggle to deal with COVID-19, HIPAA is the oft-cited reason we can’t get a better, more complete picture of the progress of the disease. This lack of transparency breeds a lack of trust and possibly a lack of vigilance on the part of the public. For some, the threat doesn’t feel real because the cases have no detail. It’s understandable. Would you be more likely to stay at home and “social distance” if you KNEW that COVID-19 case was in YOUR neighborhood?
This lack of access to data is a real shame too. We live in an age with unprecedented tools for analyzing data, finding patterns and making predictions. Just take a quick look at the amazing work being done on Kaggle. There is a project there to analyze publicly available data to help us understand the disease. Seriously, take a look at this literature review, done with machine learning. It’s read all the research papers on 2019 nCov and made estimates about important disease parameters. This is just one project, there are many. You’ll notice they aren’t using data from the spread of the disease in the US because they don’t have access to it.
We’re also missing an opportunity to measure the effectiveness of strategies our government has put in place to help slow the spread. Without knowing it, we’re doing A/B testing on a massive scale. But without robust data, we can’t tell if the strategies we’re employing are having the outcomes we want. This isn’t just a shame, it could be costing lives and it is most certainly adding to the suffering.
Are we comfortable letting politicians make strategy calls on slowing a pandemic? Are we confident they are listening to the experts? Which techniques work? How well? When should these strategies be employed? Using data that exists, but isn’t available except to a precious few, we could know and debate in public, from a place of knowledge.
It isn’t just COVID-19 either.
In some places, HIPAA has become a tool to avoid scrutiny. I have personally seen government agencies turn down requests for aggregated, non-identifiable healthcare data citing “HIPAA” as the reason why. That’s not what HIPAA was supposed to be for.
It’s impossible to analyze the performance of state healthcare programs if we can’t see what we’re paying for. It certainly doesn’t give you confidence about the quality of the program when it’s hidden from view.
We are wasting two valuable resources: our data and a huge community of talented experts who are standing by, ready to help but can’t. We can do better. It’s time to draft a HIPAA replacement before the next global pandemic. We owe it to ourselves.