Portal de Periódicos da CAPES

HIPAA and Protecting Health Information in the 21st Century

2018; American Medical Association; Volume: 320; Issue: 3 Linguagem: Inglês

10.1001/jama.2018.5630

1538-3598

I. Glenn Cohen, Michelle M. Mello,

Legal Systems and Judicial Processes

HIPAA and Protecting Health Information in the 21st CenturyIn March 2018, the Trump administration announced a new initiative, MyHealthEData, to give patients greater access to their electronic health record and insurance claims information. 1 The Centers for Medicare & Medicaid Services will connect Medicare beneficiaries with their claims data and increase pressure on health plans and health care organizations to use systems that allow patients to access and send their health information where they like.MyHealthEData is part of a broader movement to make greater use of patient data to improve care and health.The movement seeks to make information available wherever patients receive care and allow patients to share information with apps and other online services that may help them manage their health.At the population level, this approach may help identify optimal treatments andwaysofdeliveringthemandalsoconnectpatientswith healthservicesandproductsthatmaybenefitthem.Analysis of deidentified patient information has long been the foundation of evidence-based care improvement, but the 21st century has brought new opportunities.With developmentsininformationtechnologyandcomputationalsciencethatsupporttheanalysisofmassivedatasets,the"big data" era has come to health services research.For all its promise, the big data era carries with it substantialconcernsandpotentialthreats.Partofwhatenables individuals to live full lives is the knowledge that certain personal information is not on view unless that person decides to share it, but that supposition is becoming illusory.The increasing availability and exchange of healthrelated information will support advances in health care and public health but will also facilitate invasive marketing and discriminatory practices that evade current antidiscrimination laws. 2 As the recent scandal involving Facebook and Cambridge Analytica shows, a further risk is that private information may be used in ways that have notbeenauthorizedandmaybeconsideredobjectionable.Reinforcing such concerns is the stunning report that Facebook has been approaching health care organizations to try to obtain deidentified patient data to link those data to individual Facebook users using "hashing" techniques. 3iven these concerns, it is timely to reexamine the adequacy of the Health Insurance Portability and Accountability Act (HIPAA), the nation's most important legal safeguard against unauthorized disclosure and use of health information.Is HIPAA up to the task of protecting health information in the 21st century?