The report recommends that health research be governed by different, new data security standards, regardless of who pays for the research.
In addition, the privacy of Americans' personal health information isn't adequately protected by existing federal government regulation, including the Health Insurance Portability and Accountability Act (HIPPA).
HIPAA is intended to protect patients' health information while at the same time allowing the use of data for health care and research. However, HIPPA doesn't apply the same way to all health research.
New rules would treat all health research equally. All institutions doing health research would be required to use encryption for laptops, flash drives and other portable media. Security breaches of health information databases are a growing problem.
What does this mean for the wellness professional?
There are no changes coming up soon that will have an impact on most employee groups. However, it use this as a reminder that all employee health data is governed by strict regulation.
- Is all employee health data shredded when no longer needed?
- Is data encrypted?
- Are laptops and flash drives containing employee health information all accounted for?
- Are rooms housing health records secured when empty?