Document Type

Article

Publication Date

2014

Abstract

This Article examines how new technologies generate privacy challenges for both healthcare providers and patients, and how American health privacy laws may be interpreted or amended to address these challenges. Given the current implementation of Meaningful Use rules for health information technology and the Omnibus HIPAA Rule in health care generally, the stage is now set for a distinctive law of “health information” to emerge. HIPAA has come of age of late, with more aggressive enforcement efforts targeting wayward healthcare providers and entities. Nevertheless, more needs to be done to assure that health privacy and all the values it is meant to protect are actually vindicated in an era of ever faster and more pervasive data transfer and analysis.

After describing how cloud computing is now used in healthcare, this Article examines nascent and emerging cloud applications and big data processing methods. Current regulation addresses many of these scenarios, but also leaves some important decision points ahead. Business associate agreements between cloud service providers and covered entities will need to address new risks. To meaningfully consent to new uses of protected health information, patients will need access to more sophisticated and granular methods of monitoring data collection, analysis, and use. Policymakers should be concerned not only about medical records, but also about medical reputations used to deny opportunities. To implement these and other recommendations, more funding for technical assistance for health privacy regulators is essential.

Publication Citation

17 Stanford Technology Law Review 595 (2014).

Disciplines

Consumer Protection Law | Health and Medical Administration | Health Information Technology | Health Law and Policy | Privacy Law