Saturday, January 28, 2023

World No 1 Tech News Website

TechGarbage is sometimes a HIPAA violation

Garbage is sometimes a HIPAA violation

After the Supreme Court decided to end federal protection for abortion in June, many abortion advocates and lawmakers started agitating for the Biden administration to make changes to the medical privacy law HIPAA. That’s because HIPAA has many, many gaps and doesn’t actually keep information around abortion safe in many situations.

Here’s something HIPAA does do, though — govern garbage! It’s a HIPAA violation for someone to do what the New England Dermatology and Laser Center (NEDLC) did last year: throw away containers with patient labels on them in a parking lot dumpster. The labels had patient names and birthdays on them, and a security guard found them. The Department of Health and Human Services did an investigation, and NEDLC settled for $300,640.

There are very specific rules around how healthcare providers and insurance companies can dispose of identifiable health information about their patients. They can’t just put pill bottles or patient records in dumpsters, where anyone might be able to come across them. Healthcare providers should be “shredding, burning, pulping, or pulverizing” paper patient health records, the agency says in an FAQ. If they’re trying to get rid of digital health records stored on hard drives, they should be destroying them by “disintegration, pulverization, melting, incinerating, or shredding.” Sometimes, they might be able to put prescription bottles or hospital ID bracelets in locked dumpsters.

Instead of doing any of that, the NEDLC would just put containers with patient labels in the regular garbage.

After the HHS investigation, NEDLC agreed to create and implement a new policy for how it’ll dispose of health information. It’ll train employees and penalize any employees who don’t follow the new plans.

This is the sort of thing HIPAA is built to do. It makes sure someone doesn’t have a container showing that they had a dermatological test left in a parking lot. It makes sure that doctors don’t leave nasty Google reviews about patients and that hospitals are protecting against cyberattacks that could reveal patient information. It doesn’t make sure that cops can’t access your medical records, and it doesn’t stop period tracking apps from sharing data with Facebook or Google. HIPAA can be useful, but it was built for garbage — not for the digital surveillance age.

Related articles

Aizaz khan
Aizaz khanhttps://myelectricsparks.com/aizaz-khan/
Aizaz was the first person to get a byline on his blog on technology from his home in Bannu in 2017. Then, he went on to a career in breaking things professionally at my electric sparks which is where he eventually took over the kit as a hardware editor. Today, as the senior editor of hardware for my electric sparks, he spends time reporting about the most recent developments in the hardware industry and technology. If he's not reporting on hardware or electronics, you'll see him trying to be as remote from the world of technology as possible through camping in the wild.

LEAVE A REPLY

Please enter your comment!
Please enter your name here