The U.S. needs new medical privacy rules as the country moves toward greater use of IT to store health records, a group of healthcare experts said Wednesday.
"Thousands" of databases that contain U.S. residents' health records exist, and patients don't have any way to keep their personal information from being shared with third parties, said Deborah Peel, a psychiatrist and founder of the Patient Privacy Rights Foundation. Private companies have been data-mining prescription records for years, she added.
The Health Insurance Portability and Accountability Act of 1996 sets security standards that healthcare providers must follow, but the law leaves major gaps in privacy, Peel said at an electronic health-records privacy forum sponsored by public relations firm Dittus Communications.
HIPAA gave many organizations with ties to healthcare vendors, including offshore transcription vendors, insurance brokers and credit bureaus, authorization to use healthcare records, she said. "Because of this confusion that HIPAA engendered, data is being exchanged and used for reasons that have nothing to do with people getting well," she said. "People think this is the Wild West because of HIPAA, and every piece of data that's not nailed down can be used for some other purpose."
Read more (registration may be required).