Why you can't count on HIPAA to protect your health information privacy

Think all of your health information is automatically “protected health information”?

Think again.

Many consumers assume that if information is related to their healthcare, then regulations surrounding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will require agencies to protect it. That’s true for “covered entities,” but some organizations that handle personal health information may not qualify as such.

According to the U.S. Department of Health and Human Services (HHS), a covered entity is one of the following:

  • A healthcare provider
  • A health plan
  • A healthcare clearinghouse

In addition, any business associates that help a covered entity “carry out its health care activities and functions” must also abide by HIPAA regulations.

But with an explosion of direct-to-consumer offerings, more people are sharing their health information directly with an array of vendors, who may not fall within these definitions—like companies that provide fitness apps.

To complicate matters more, regulations surrounding mobile apps and mobile devices may have different requirements, depending upon which definitions apply.

In an article for Health Info Security, Marianne Kolbasuk McGee writes about these complicated dynamics—which you can read about here:

Another Fitness App Exposes Users’ Data
