"Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research"

Report: HIPAA Privacy Rule Not Private Enough

In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA), which called for a set of federal standards, now known as the HIPAA Privacy Rule, for protecting the privacy of personally identifiable health information. One major goal of the Privacy Rule is to ensure that individuals' privacy is properly protected while allowing the flow of information needed to promote high-quality health care. In 2007, the Institute of Medicine charged the Committee on Health Research and the Privacy of Health Information with two major tasks: 1) to assess whether the HIPAA Privacy Rule is having an impact on the conduct of health research, and 2) to propose recommendations to facilitate health research while maintaining or strengthening the privacy protections of personally identifiable health information. In its 2009 report, Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research, the committee concludes that the HIPAA Privacy Rule does not protect privacy as well as it should, and that, as currently implemented, it impedes important health research.

The committee determined that the Privacy Rule's research provisions have many serious limitations, and, therefore, it recommends first and foremost that Congress authorize the Department of Health and Human Services and other relevant federal agencies to develop a new approach to ensuring privacy in health research. This new framework, which should be applicable to all health research in the United States regardless of the source of funding or the holder of the data, would improve the privacy and confidentiality of personal health data used in research by reducing variability in the ethical oversight of research and by placing a high priority on strong security protections. It would also enable responsible research and enhance trust in the research enterprise, the report concludes.

Whether the Privacy Rule is revised or a new framework is adopted, the committee stresses the need for three additional changes. The committee recommends that all health research institutions take strong measures to safeguard the security of personallly identifiable health information. It recommends that HHS support the development and use of new security technologies and self-evaluation standards. In addition, to encourage people to volunteer to serve on IRBs or Privacy Boards, the committee recommends that HHS or Congress, as necessary, provide reasonable protection against civil suits for IRB and Privacy Board members. The protection should be reserved for good-faith decisions made within the scope of the Boards' responsibilities and backed by minutes or other evidence; there should be no protections for misconduct in reviewing the research. Because studies show that the majority of Americans are interested in the findings of health research, the committee recommends that HHS and researchers take steps to inform the public further about health research--how research is conducted, the results it produces, and what value it provides to society. For more information, visit www.iom.edu, and click on the "Reports" button.

Download Center

  • Safety Metrics Guide

    Is your company leveraging its safety data and analytics to maintain a safe workplace? With so much data available, where do you start? This downloadable guide will give you insight on helpful key performance indicators (KPIs) you should track for your safety program.

  • Job Hazard Analysis Guide

    This guide includes details on how to conduct a thorough Job Hazard Analysis, and it's based directly on an OSHA publication for conducting JHAs. Learn how to identify potential hazards associated with each task of a job and set controls to mitigate hazard risks.

  • A Guide to Practicing “New Safety”

    Learn from safety professionals from around the world as they share their perspectives on various “new views” of safety, including Safety Differently, Safety-II, No Safety, Human and Organizational Performance (HOP), Resilience Engineering, and more in this helpful guide.

  • Lone Worker Safety Guide

    As organizations digitalize and remote operations become more commonplace, the number of lone workers is on the rise. These employees are at increased risk for unaddressed workplace accidents or emergencies. This guide was created to help employers better understand common lone worker risks and solutions for lone worker risk mitigation and incident prevention.

  • EHS Software Buyer's Guide

    Learn the keys to staying organized, staying sharp, and staying one step ahead on all things safety. This buyer’s guide is designed for you to use in your search for the safety management solution that best suits your company’s needs.

  • Vector Solutions

OH&S Digital Edition

  • OHS Magazine Digital Edition - June 2022

    June 2022

    Featuring:

    • SAFETY CULTURE
      Corporate Safety Culture Is Workplace Culture
    • HEAT STRESS
      Keeping Workers Safe from Heat-Related Illnesses & Injuries
    • EMPLOYEE HEALTH SCREENING
      Should Employers Consider Oral Fluid Drug Testing?
    • PPE FOR WOMEN
      Addressing Physical Differences
    View This Issue