If you are a technology company developing products for the health market, you have probably heard about and maybe even been “warned” about HIPAA (the Health Insurance Portability and Accountability Act). If you are asking, “How can I avoid complying with HIPAA?” you might be asking the wrong question. Health care is almost 20 percent of the U.S. economy and craving the kind of innovation that technology companies can bring. Leaders in the health care space, like those at AcademyHealth, are pushing for changes to the health system to achieve better care, smarter spending, and healthier people. And they can’t do it without your help.
Compliance with HIPAA opens up new business opportunities, and, in an age of data breaches and privacy concerns, it can set you apart as a company that cares about protecting the information you have about your customers and the patients/clients of those you work with.
Recently, AcademyHealth facilitated a Health Data Innovator Privacy and Security Workshop supported by the California Health Care Foundation. As a featured speaker at the workshop, I’ve pulled out some of the key insights around when and how HIPAA might apply to those working in digital health.
Does HIPAA Apply to My Work?
Maybe. HIPAA does not apply to all health data. It depends on who collects or maintains the data and the relationships with HIPAA covered entities or business associates.
Generally, HIPAA applies to health data collected or maintained by those in the traditional health care space, including health plans and most health care providers (such as doctors, hospitals, pharmacies, and labs) and those doing business on behalf of these entities (such as a billing company or a cloud storage provider (CSP)). However, if the same data is held by the consumer or by a product or company that has a relationship only with the consumer, then it is not covered by HIPAA, although other federal laws may apply. Typically, technology companies will be business associates working with clients that are covered health care providers or health plans.
Continue Reading Bringing Innovative Technology to Healthcare…What about HIPAA?