HIPAA: A Failed Objective – A Ready Opportunity for Data Scientists
Commonly regarded as not much more than a ‘patient privacy law’, HIPAA promised much more than the security of our personally identifiable health information. HIPAA projected enough savings in administrative overhead to fund health care coverage for the 30 million uninsured at the time the legislation was signed. That aspect of the promise failed. But there remains a tremendous opportunity for data scientists to capitalize on other associated assurances, and proof of that opportunity is no further than your primary care physician’s office or local urgent care center.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA – one ‘P’) was enacted by President Bill Clinton on August 21, 1996. The Act included “Administrative Simplification” provisions that required the Department of Health and Human Services to adopt national standards for electronic health care transactions, code sets, unique health identifiers, and security [1]. The idea was to make it much easier for hospitals and other healthcare providers to share information. If you were injured or became seriously ill someplace other than your own neighborhood, any US-based treatment team would have nearly immediate access to relevant aspects of your medical history and be able to treat you more quickly and safely. From a clinical perspective this meant faster treatment and fewer errors; from a research and public health perspective it made it easier to trend treatment experience and outcomes; from a claims processing perspective it made it easier to determine correct (or incorrect) charges and the terms of payment. All of this was designed to result in savings that could be used to offset the rising cost of healthcare and reduce the number of uninsured patients.
So how do we know this isn’t working? I mean, aside from the fact that the cost of healthcare continues to rise, and the total number of uninsured Americans remains near the 30 million mark? [2]. Think about your last healthcare experience. After you provided your identifying data, did they know what medications you were on, recent treatments or surgeries, relevant family history, etc. or, - did you have to tell them - again? And if you walked from one room to the next, or just down a corridor to another room, did they have the information you just provided, or did they have to ask - again? And again. And again.
No doubt, there is an aspect to this dynamic that can be intentional. That is, toward establishing how well the patient understands their medical history and current treatment plan. But, unless your consistent experience is entirely different from mine, it seems that most of the time, no one would have much idea of my medical history but for what I tell them in that moment, and that presents its own set of risks.
The solution is at our fingertips. It has been since even before anyone could (mis)spell HIPAA. And the solution is our data scientists. Working in collaboration with our healthcare organizations and providers the potential of HIPAA remains.