Chapter 12. HIPAA: The Far-Reaching Healthcare Regulation

Doctors and administrators evaluating health IT software frequently ask, “Is it HIPAA compliant?” We usually answer, “You tell us what it means to be HIPAA compliant, and we will tell you whether or not the software is.” HIPAA is probably the most ironic acronym in healthcare. It stands for the Health Insurance Portability and Accountability Act. Although HIPAA has succeeded largely in making health information more “accountable,” it is usually the first excuse for not making it portable.

The regulation of health IT systems has long been a complex and evolving area. Ultimately, the courts and the choices by regulators about what to really enforce determine what any regulation really means. Recent court cases and enforcement have created a much more solid context for defining just what regulations mean. Previously, the federal government was criticized for lacking enforcement for HIPAA and other health-IT-related law. HITECH—the same law that created the meaningful use funding—has changed this, providing new mechanisms for enforcement that should ensure that regulations will really stick. This chapter looks at HIPAA, with a nod to some other federal laws. Each state has a collection of laws that can be just as important to know for your state.

The first basic task is to gain an understanding of how health IT is affected by HIPAA. There are at least two reliable ways to do this. The easy way is to read the summaries ...
