Skip to content Skip to navigation

Is HIPAA impeding use of data in healthcare?

December 10, 2013
by Richard R. Rogoski
| Reprints

A report released last week by the Washington, DC-based Bipartisan Policy Center says the overuse of security and privacy rules, especially the Health Insurance Portability and Accountability Act (HIPAA), may hinder the use of big data—enormous and complex data sets—in the delivery of high-quality healthcare and the sharing of valuable information.

The report, the result of a healthcare leadership forum held in June, noted how important big data has become to all aspects of healthcare. "Big data can lead to the development of an anticipatory healthcare system, where providers can create personalized evidence-based medicine, tailored to patients’ personal prevention profiles, social determinants of health, and even preferences for how, where, and when they want to receive care. It can help to identify both public health threats and safety issues. Big data can help researchers understand more than ever before about health and the many factors that affect it, as well as determine what treatments are most effective for particular conditions," the authors wrote.

More importantly, especially for long-term care, big data and predictive modeling can be used to unearth trends and identify targets for cost-reduction and unnecessary spending.

But in addressing privacy and security issues, the report also states: "Concerns about privacy and security are sometimes cited as barriers to further progress on the use and exchange of big data. While [HIPAA] is designed to safeguard patient privacy, it is often misunderstood, misapplied and over-applied in ways that may inhibit information sharing unnecessarily. Additionally, a great deal of data about individuals falls outside the purview of HIPAA, such as consumer-generated data that might be posted on social networks, stored in apps or shared through other online sources. HIPAA specifies how data should be de-identified, but there is considerable variability in the practice of anonymization and no existing standards to govern it."

And although the report supports the use of privacy rules, it does offer a recommendation. "Providing more clarity regarding the application of existing federal and state privacy laws will help organizations meet the challenge of effectively collecting, using and protecting information from so many sources to improve health and healthcare."