The 800-Pound HIPAA-Potamus

If you want to see a healthcare marketer or public relations professional turn white, mention the acronym “HIPAA.” HIPAA stands for Health Insurance Portability and Accountability Act of 1996. You may remember all the election-year hoopla in 1996 about healthcare and how the U.S. Congress wanted to protect your health insurance in case you lost your job.

Embedded in that act was also legislation governing privacy of individually identifiable health information. People get squirrelly about their health information, and HIPAA was enacted to ease those fears. The healthcare sector is still holding its breath because specific regulations are still winding their way through Congress and the Department of Health and Human Services.

Those of us in healthcare are waiting to hear what the policies are that will address who should have access to identifiable information, what an individual’s rights are regarding his or her information, and what constitutes inappropriate access. It’s important to note, as well, that “healthcare provider” does not only mean your doctor. It includes any “healthcare provider, healthcare clearing-house, or health plan that electronically maintains or transmits health information pertaining to an individual.”

Open Your Mouth and Say “AAAAAAA!!!”

This means any organization or individual that provides any type of health service or product, including many of those 20,000 (give or take) health web sites out there that ask for or require your personal information (online drugstores, online health-risk questionnaires that store your results, and disease communities that ask about a profile), also falls under the term “healthcare provider.” The definition of “health information” also throws organizations, such as schools, universities, employers, life insurers, and others, under the net.

The potential here is that the expected multibazillion-dollar online health market may come to a screeching halt in the face of the threatened $25,000 fines.

There’s an even bigger picture here: the intense (and intensely bad) publicity that will predictably come at the first breach of the regulations. Woe to the healthcare provider who wakes up to the newspaper headlines about a security breach at his or her facility or organization. The $25,000 fine will be nothing compared to the lost trust of patients and the nervous reaction of payers (like health insurance companies) who want to avoid guilt by association.

Code Red in Your Business

A study by the Pew Internet and American Life Project confirmed what we all knew instinctively: Consumers are concerned about their privacy, and they want guarantees. The study went on to report that while they are concerned, they don’t take the most basic steps in protecting their own privacy, including giving false information in online forms and questionnaires.

In other words, consumers are worried about privacy, but they want someone else to take responsibility for it. This is why legislation like HIPAA is so popular among the population. If you conduct any kind of business online, take note: The same can happen in your own industry. In other words, keep an eye out for the 800-pound HIPAA-potamus. Even though it’s healthcare, it may have a big impact on your own business.
