Articles | April 10, 2016

Are HIPAA and interoperability at odds?

The adoption of electronic health records (EHRs) presents doctors with a dilemma when it comes to protecting patient health data.

On the one hand, Medicare provides incentive payments for meaningful use of EHRs, which requires doctors to capture, store and securely share protected health information with their patients and other providers. On the other, HIPAA makes healthcare providers accountable for keeping protected health information (PHI) confidential, delivering hefty fines for those who fail to comply. 

 

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009 raised the maximum fine per violation to $50,000 from $100, and the annual cap for all violations of a specific provision climbed to $1.5 million from $25,000. Criminal penalties under the HITECH Act also now range from $50,000 to $250,000, with up to 10 years in prison, depending on the degree of negligence.

Fear of being fined is frequently cited by the healthcare community as a leading barrier to EHR interoperability--the ability to exchange and interpret patient health data electronically. 

“HIPAA is a great example of the federal government at work where the intention is good, but the outcome in many instances is very bad,” says Michael Mirro, MD, a cardiologist in Fort Wayne, Indiana, and past chair of the American College of Cardiology’s Informatics and Health IT Task Force. “It strikes fear in the heart of every healthcare worker because they know that even an inadvertent breach can cost them their job.”

 

According to Mirro, HIPAA and EHR interoperability are fundamentally at odds. But policymakers suggest HIPAA isn’t the problem. 
