On March 7th, Venture Beat posted an article by Evan Schuman provocatively titled “Health app developers face their biggest obstacle: Privacy Regulations”. I’ve mulled on this article for a couple of weeks to make sure I write a balanced response.
My initial reaction to this article was strong. At first I got a little too focused on the factual errors. Sorry, putting MRNs in email subject lines is not compliant, and if you’re writing an article on HIPAA you need to know that.
Taken at the simplest possible level Evan is claiming HIPAA is no longer relevant in the medical world. It’s a 19 year old law and the brave new technology space is far more important than patient’s right to privacy. In a connected world privacy is a non-sequitur and we all need to get comfortable with that.
The reasons HIPAA came into being have not changed. My medical history is my personal information that I don’t want to share intentionally, much less, accidently by negligence of a company like a certain major health insurer. If I had a major diagnosis I would feel even stronger about this. Patients who are sick are at a major disadvantage in terms of their capacity to protect their data, and the law serves as a safeguard of their rights.
So, what about an app that takes a continuous temperature like Stemp. Does the data need to be secured? I would argue that with the amount of data that’s collected on individuals today and the ability to synthesize new data from the aggregate of that data, that HIPAA is more important in this case now that in even has been before.
This is obviously a somewhat political topic and where you stand on privacy in general will affect your view. I’m a believer in the idea that health data should be protected by law. Where do you stand?