Federal Trade Commission’s (FTC’s) statement from Sept. 15, 2021 clarifying the definition of a personal health record under its Health Breach Notification Rule to include third-party apps and the FTC’s intent to hold non-HIPAA covered third-parties responsible for the disclosure of that personal health information.
This is good right. Well, like everything in the world there are always tradeoffs. We explore the tradeoffs on today's show.
Today in health, it, the FTC gives us information on non HIPPA covered third parties and their responsibilities with regard to handling of personal health information. My name is bill Russell. I'm a former CIO for a 16 hospital system and create, or this weekend health it a channel dedicated to keeping health it staff current and engaged.
VMware has been committed to our mission of providing relevant content to health it professionals, since the start. They recently completed an executive study with MIT on the top healthcare trends, shaping it, resilience, covering how the pandemic drove unique transformation in healthcare. This is just one of the many resources they have for healthcare professionals for this and several other great content pieces. Check out VM-ware dot com slash go.
Slash healthcare. All right. Got an email from chime, chime, applauds, federal trade commission's actions to secure consumer health data. Let me give you some of the excerpts from this. Got it on Friday. So the college of healthcare information management executives. If you're wondering what chime was, chime the professional organization for chief information officers and other senior health, it leaders.th,:
And help ensure that those entities who have a breach. Of this crucial private data are held accountable. Not only does it hold bad and insecure actors accountable, but it also creates a disincentive that urges all personal health records to strengthen their data security practices. The office of the national coordinator for health information technology.ing final rule took effect in:
All right. So that's basically what you have that ruling went into effect. Here's what it means. Essentially third parties that are going to get personal health data from your health system using fire and the API APIs. Are now responsible for making sure that they have secure systems. And if they don't have secure systems and they have a breach and they lose the data.
They can get the fines the same way that health systems get fights. Makes sense. Right. And on the surface, this is good for the patient. But really only on the surface. This is my, so what, and I'm going to do a little contrarian here. I mean, obviously this is good. We don't want information to get out and, we want people to be responsible if they're going to get personal health information for building really reliable, secure platforms to house the data and to share the data.
But I think again on the surface, good for patients, but only on the surface, this is a win really for the status quo for the patient. It's going to slow down innovation. Don't get me wrong. It will also prevent a few breaches along the way,
but with the way that we've handled patient records in healthcare over the years. Patients have gotten used to the idea that their health data can be breached at any moment. I'm just going to speak as a patient right now. I have no idea where my data is in the healthcare ecosystem.
I have no idea who has it or what it is being used for. I know that Providence is using it for their new startup, as well as millions of other records to create a data source for the good of all mankind. And I believe that is their intention, but I'd still like to know what they are going to do with my information.
I have at least three credit identity protection offers from health record breaches over the years. And those are only the breaches we know about patients should have the right to choose. If they are willing to trade privacy for a service. That will benefit them.
I understand and appreciate that the FTC is trying to protect me from bad actors,
but I don't really think this does it. And in the end, I think it's going to stifle innovation. Where we need it. I want competition to the current healthcare establishment competition is a good thing. It gives me a choice options, which usually lead to convenience. Lower overall costs for healthcare and maybe even a healthier me. The healthcare industrial complex doesn't really want competition. And you can appreciate that as a business person. I certainly appreciate that
the ruling from the FTC, isn't going to stop innovation. It is just a governor on the speed of innovation with the good intention of protecting my personal health record from bad actors. I guess my question as a patient is how do I know who the bad actors are?
Just thought I'd give you something to talk about, to start the week that's all for today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com or wherever you listen to podcasts, apple, Google, overcast, Spotify, Stitcher.
You get the picture. We are everywhere. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. VMware Hill-Rom 📍 Starbridge advisors. McAfee and Aruba networks. Thanks for listening. That's all for now.