PHI Protection under HIPAA: An Overall Analysis
Kaplan, B. (with appendix by Monteiro, A.P.L.), "PHI Protection under HIPAA: An Overall Analysis," LGPD na Saúde (LGPD Applicable to Health), Dallari, A. B., Monaco, G.F.C., ed., São Paulo: Editora Revista dos Tribunais (Thomson Reuters), 2021, pp. 61-88. Available at http://ssrn.com/author=2307861
31 Pages. Posted: 3 May 2021
Date Written: October 26, 2020
Abstract
This chapter discusses the predominant national regulatory privacy protections for health data in the US. It focuses primarily on the Health Insurance Portability and Accountability Act (HIPAA), the best-known federal health data privacy legislation, and on those aspects related to privacy rather than to security. It summarizes HIPAA and other federal regulations, including what they cover and what they do not. In addition to describing how the Department of Health and Human Services administers HIPAA, the chapter provides a brief overview of the responsibilities of other federal regulatory agencies with regard to health data. It then discusses gaps and limitations in health data privacy policy.
This chapter joins other scholarship and commentary in pointing out inadequacies in US health data privacy and in hoping for better approaches that maintain privacy and security for all data while making data available for the public good and improving life. The chapter includes an Appendix that compares some of the most important provisions of the HIPAA framework and the LGPD as a starting point for considering what can be learned from HIPAA.
Keywords: HIPAA, LGPD, Privacy, Consent, Bioethics, Confidentiality, Health Data, Ethics, Health Records, Medical Data, Patient Privacy, Health Data Protection, Health Care Legal, Ethical and Regulatory