HIPAA is growing! HHS recently released updates to HIPAA to cover a broader spectrum in the digital age. When HIPAA was first implemented in 1996, the world was a very different place. Technology was nowhere near what it is today and patient privacy was mainly about safeguarding paper. Wow, who would have thought that in just a few years people would not only have to worry about a few unauthorized people accessing paper documents but rather face the potential of information becoming available to millions or billions of people on the Internet.
To most in HIT, this is not too much of a difference from the security measures included in the HITECH Act from 2009. Both measures expand penalties to include business associates, including HIT companies. The primary things HIT companies have to worry about are including measures to protect electronic data, such as encryption documentation, and staff training. Really, not much more than one would expect when the patient medical record and means of information exchange have changed from paper to electronic.
The part I wonder about is whether HIPAA regs will ever take on higher level topics surrounding interoperability. While patient privacy and data security was a huge focus in HIPAA 1996, many seem to forget that HIPAA was also the driver behind medical provider NPI, standardization of the claim form, and electronic data exchange for medical claim information - these are all the beinning steps toward interoperability. And, as all know interoperability continues to be a hot topic. I suppose only time will tell.