The letter was signed by the Association for Competitive Technology and several digital health companies including AirStrip. They say HHS must make user- and developer-friendly information on HIPAA widely available, update documentation to fit current technology and improve outreach to new entrants.
Morgan Reed, the executive director of ACT, said in an interview that he hopes the letters sparks the “needed pressure (HHS) needs internally” to refine its approach toward HIPAA.
Cloud technology in particular, Reed said, is ill served by the current HIPAA regime. Cloud storage, according to the letter, “is essential for success in the new mobile, always-on world,” but the industry doesn't have sufficient clarity from regulators on the encryption of data stored in the cloud when the provider doesn't have the key to the encryption. “Most technologists (and some at HHS) see that kind of storage as different and one that should not trigger HIPAA obligations,” the organizations argue in the letter.
This argument has been made in Congress before. In July, Amazon.com's Paul Misener, the firm's vice president for global public policy, argued before the House Energy & Commerce Committee that Amazon's provision of cloud technology for healthcare providers was hindered by this interpretation.
In a statement responding to the letter, Marino said he would like to see HHS, “as well as other governmental departments that enforce and regulate the implementation of Health Insurance Portability and Accountability Act standards, revamp the way in which they provide information and interact with the public, including large and small healthcare companies.”
“A company should not be forced to staff up with a dozen lawyers simply to ensure they are in compliance with the law,” Marino said.
Follow Darius Tahir on Twitter: @dariustahir