In 2016, the healthcare sector faces a variety of complex legislative and regulatory issues, especially those tied to patient privacy, says attorney Kirk Nahra.
For instance, proposed modifications to the decades-old Common Rule, the primary regulation covering federally funded research, could affect privacy guidance, he says in an interview with Information Security Media Group.
The theme of the proposed Common Rule changes, Nahra says, is "where we can streamline or eliminate regulatory burdens of the Common Rule in situations where there are not [privacy] concerns for patients, we're going to try to take those steps," he says. Although the proposed changes primarily impact researchers, the modifications also potentially affect the analytics that organizations perform on their own data, he says.
"It's going to have a big impact on the kinds of activities that go on ... with data-related research, where there are appropriate privacy and security protections in place," the attorney notes.
In a related regulatory effort, the healthcare sector could also potentially face HIPAA Privacy Rule changes if the 21st Century Cures bill, which was passed by the House last year, is approved by the Senate and signed into law by President Obama.
That pending legislation, which aims to advance medical research and innovation, contains provisions that would alter HIPAA by eliminating the need for patient authorization for the use or disclosure of their protected health information for research purposes if HIPAA covered entities or business associates are involved.
The privacy provisions in the 21st Century Cures bill, as currently written, could be in conflict with the proposed Common Rule changes, Nahra notes. "I'm optimistic if this bill makes its way through the Senate, the Senate will actually clean up a lot of these privacy provisions," he says.
In the interview (see audio link below photo), Nahra also discusses:
- The likely impact on healthcare organizations of the Cybersecurity Act of 2015, which aims to improve cyberthreat information sharing;
- Evolving regulatory concerns related to the security and privacy of big data;
- Whether the HIPAA Security Rule needs to be updated to keep up with advancing technology and evolving cyberthreats.
As a partner at the law firm Wiley Rein LLP, Nahra specializes in privacy and information security issues, as well as other healthcare, insurance fraud and compliance issues. He's a former member of the board of directors of the International Association of Privacy Professionals and was co-chair of the Confidentiality, Privacy and Security Workgroup, a former panel of government and private-sector privacy and security experts advising the American Health Information Community.