After the Supreme Court docket determined to finish federal safety for abortion in June, many abortion advocates and lawmakers began agitating for the Biden administration to make modifications to the medical privateness regulation HIPAA. That’s as a result of HIPAA has many, many gaps and doesn’t truly maintain data round abortion secure in lots of conditions.
Right here’s one thing HIPAA does do, although — govern rubbish! It’s a HIPAA violation for somebody to do what the New England Dermatology and Laser Middle (NEDLC) did final yr: throw away containers with affected person labels on them in a car parking zone dumpster. The labels had affected person names and birthdays on them, and a safety guard discovered them. The Division of Well being and Human Companies did an investigation, and NEDLC settled for $300,640.
There are very particular guidelines round how healthcare suppliers and insurance coverage corporations can get rid of identifiable well being details about their sufferers. They’ll’t simply put capsule bottles or affected person information in dumpsters, the place anybody may be capable of come throughout them. Healthcare suppliers needs to be “shredding, burning, pulping, or pulverizing” paper affected person well being information, the company says in an FAQ. In the event that they’re attempting to eliminate digital well being information saved on arduous drives, they need to be destroying them by “disintegration, pulverization, melting, incinerating, or shredding.” Typically, they could be capable of put prescription bottles or hospital ID bracelets in locked dumpsters.
As a substitute of doing any of that, the NEDLC would simply put containers with affected person labels within the common rubbish.
After the HHS investigation, NEDLC agreed to create and implement a brand new coverage for the way it’ll get rid of well being data. It’ll practice staff and penalize any staff who don’t comply with the brand new plans.
That is the kind of factor HIPAA is constructed to do. It makes certain somebody doesn’t have a container displaying that that they had a dermatological take a look at left in a car parking zone. It makes certain that docs don’t go away nasty Google opinions about sufferers and that hospitals are defending towards cyberattacks that might reveal affected person data. It doesn’t be sure that cops can’t entry your medical information, and it doesn’t cease interval monitoring apps from sharing knowledge with Fb or Google. HIPAA will be helpful, however it was constructed for rubbish — not for the digital surveillance age.