The 21st Century Cures Bill recently went to the vote, and was passed by the House of Representatives by 344 to 77; should the bill be passed by the senate, HIPAA Privacy Rule changes will be required.
The bill has caused some controversy due to issues relating to patient privacy; however while there may be critics of the bill, it was passed unanimously by the House Energy and Commerce Committee in May. This vote did not show such strong support, but it will now go before the Senate.
The results of the ballot show most are in favor of the bill and believe that medical research is being hampered by current regulations put in place to protect the privacy of patients. There are currently a number of barriers that need to be removed to help medical researchers discover new cures to new strains of bacteria, and control the spread of new diseases.
HIPAA Privacy Rule Changes Needed to Assist Medical Researchers
The bill requires HIPAA Privacy Rule changes to allow the sharing of certain types of information without prior consent being required from patients. If passed by the Senate, the new law will allow healthcare providers to share data for the purposes of medical research. At present, data can be shared, but only if personal identifiers have been stripped out of the data first.
The 309-page 21st Century Cures Bill introduces many new changes to further enhance the speed at which new cures are discovered; helping medical researchers by providing them with important data.
However, privacy critics condemn the bill. They maintain the sharing of data with others increases the risk of patient privacy being violated, and of that data being stolen and used for criminal activities. The current volume of data breaches show that what is needed is fewer weak links in data security protections. Opponents to the proposed HIPAA Privacy Rule changes claim it will increase the risk of data exposure, and the damage and harm that can cause to patients.
The Cures Bill recognizes the importance of electronic health records, but major security flaws in the systems have potential to cause considerable harm. The new bill will allow EHR vendors to be punished for selling systems that do not offer the required level of security to keep records safe.
While medical records can be shared with researchers, patients are also given new rights. They will, for instance, be permitted to obtain copies of their full health records, including notes physicians have taken on them. Access to unstructured data will also be provided. At present, the Privacy Rule gives patients the right to obtain their medical records from a hospital or other HIPAA-covered healthcare provider, but this does not include ALL data that is held on a patient.
The bill does promise to remove the major obstacles holding back medical research and, by allowing data to be shared with certain third parties, the provision of healthcare should improve. However, it is vital that the necessary data security controls are also introduced to ensure additional data security risks are effectively managed.