The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule does not adequately protect the privacy of people's personal health information and hinders important health research discoveries, concludes a new report from the Institute of Medicine.
Congress should authorize the development of an entirely new approach to protecting personal health information in research, separate from the HIPAA Privacy Rule, said the committee that wrote the report. This new approach should apply privacy, data security and accountability standards uniformly to information used in all health-related research regardless of who funds or conducts the research.
If policymakers decide to continue relying on the current rule to protect privacy in health research, the committee recommends a series of changes to improve the rule and the guidance that the U.S. Department of Health and Human Services (HHS) gives on how to comply with it. Recommendations in the report include:
The study was sponsored by the U.S. Department of Health and Human Services, Robert Wood Johnson Foundation, American Cancer Society, American Heart Association/American Stroke Association, American Society for Clinical Oncology, Burroughs Wellcome Fund, and C-Change. Established in 1970 under the charter of the National Academy of Sciences, the Institute of Medicine provides independent, objective, evidence-based advice to policymakers, health professionals, the private sector, and the public. The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies.