Becker's Healthcare November 22, 2019
Despite the widespread expectation that HHS and HIPAA protect patients from unauthorized data-sharing like that of Google and Ascension’s “Project Nightingale,” technology has advanced far beyond the boundaries of the 1996 law, The Wall Street Journal reports.
“We have these enormous gaps in our regulatory framework,” Deven McGraw, a former HHS official, now chief compliance officer for health tech startup Ciitizen, told WSJ. “It was never intended to cover the universe and as that universe expands, it looks less and less adequate.”
Project Nightingale, for instance, does not violate HIPAA: The law allows healthcare providers’ business partners to handle patient records so long as they protect the data from misuse or unauthorized disclosure. Patient permission is not required for data-sharing...