In an increasingly technology-driven world, more and more data is being gathered by the products and services that we use. Gone are the days of paper sign-ins - instead, digital check-in products are just one example of how computing has transformed how data is collected, collated, and stored.
In some industries, this increased volume of data presents opportunities for innovations in areas such as AI; it also challenges existing privacy frameworks, such as HIPAA. While digital disruption in healthcare has given us innovations like telehealth, or the ability to enrol in accelerated nursing programs online, it has also presented challenges.
With privacy legislation nearly thirty years old and rapid innovation in medical technologies, such as telehealth, genetic testing, and wearables, how can healthcare stakeholders, from doctors to administrators, balance the desire for technological advancement with the privacy obligations afforded to patients under the HIPAA Act?
Healthcare Innovation: A New Frontier
Technology has transformed how many industries operate - from manufacturing to retail; almost every tenet of the product lifecycle has felt the effects of technological innovation in the last half a century. In the past, healthcare innovation has often been slow to catch on to technology - primarily due to well-established procedures that are difficult to iterate. Innovation is powerful, sure - but in healthcare, it often takes a backseat to the safety and well-being of patients.
In recent years, however, new technologies such as machine learning, artificial intelligence, and wearable devices have changed how people view healthcare and data. Innovations such as AI-powered virtual assistants that can help support those living with conditions such as dementia present an opportunity to provide highly personalised care, although they do bring challenges.
The Limits of HIPAA
When assessing the information requirements of healthcare technologies, innovators and entrepreneurs often have to take note of the requirements of U.S. healthcare privacy legislation - notably, the Health Insurance Portability and Accountability Act, known as HIPAA. First introduced in 1996, HIPAA provided provisions for the development of common security standards to protect digital healthcare data - at the time, a relatively new area.
Three decades later, HIPAA’s privacy rules have had to contend with the explosive growth in digital healthcare data and the emerging risks that have come from it. The risk of cyberattacks is substantial, with healthcare providers such as UnitedHealth struggling to protect patient data while complying with the regulatory requirements of HIPAA.
Cyberattacks aren’t the only problem, though. It’s essential to recognize that healthcare technology has advanced well beyond the computer - with new developments such as telehealth and wearable medical devices bringing in new challenges for HIPAA to contend with.
Additionally, new ways of working with medical data, such as machine learning models, necessitate using actual medical data to be effective. HIPAA regulations have to consider not only the realm of legacy healthcare data - but also how new and emerging technologies may change how data is used.
Balancing Innovation and Patient Privacy
In a world where medical data is collected and tracked by various technologies and used for everything from fitness training to heart rate monitoring, regulators find themselves in a bind. Change in the healthcare industry is not limited to the US; innovation is a global challenge.
In Australia, a recent scandal involving the nation’s largest radiology provider has highlighted the delicate balance between innovation and patient privacy. I-MED, a radiology network with more than two hundred locations across Australia, found itself at the center of a major controversy when it was found that deidentified patient data was being shared with an artificial intelligence company and being used in training models.
This data was then used to train AI models - to help understand fuel models and aid them in their attempt to identify medical conditions accurately. While a noble goal, I-MED’s willingness to share sensitive information drew fire not only from patients, but also from the Office of the Australian Information Commissioner, a national regulator for privacy.
I-MED’s data sharing highlights the challenges that large and small businesses face. It can be argued that there is a need to innovate and create, particularly in the healthcare sector, where innovation can save lives. However, it’s clear that there needs to be a balance between public interest and private disclosure - something that those covered under HIPAA must be mindful of.
What’s Next?
In a world where technology is constantly evolving, HIPAA represents a constant obligation for healthcare stakeholders to be mindful of. As technology continues to grow and develop, managing patients' rights with the competing interests of commercial ventures creates a unique and evolving challenge for healthcare professionals.
What’s next for HIPAA? It appears that regulatory change may not be the only answer to healthcare privacy, nor simply relying on healthcare stakeholders to do the right thing.
Perhaps healthcare reform requires a rethink of how data is used - and how it could be used to improve the quality of care for those who need it. Regardless, the evidence is clear - managing HIPAA compliance in an age of emerging technology will remain a challenge for even the most experienced professionals as technology continues to change the healthcare landscape.