Blaming the government for a regulated industry’s failure to understand regulations, and suggesting that the government should publish its regulations through channels other than the official channels are interesting strategies. It seems to me that there are more productive ways of engaging with the issues.
New regulations are not going to change the scope and applicability of HIPAA/HITECH. OCR has pushed out some regs and subregulatory guidance, and has sat on other pieces (e.g., the Accounting of Disclosures final rule). It’s largely a question of resources and priorities. (I had an interesting window into this calculus thanks to a recent forum with Linda Sanches of OCR.) Ultimately, If we want a more friendly regulatory environment, it will require an act of Congress, and Congress is pretty unable to act these days, so I wouldn’t hold my breath.
In an era of government consolidating and cutting back, I also won’t be holding my breath waiting for more user-friendly explanations of regulations to emanate from DC. Meanwhile, we muddle through as best we can, no?
I’ve seen HIPAA confusion and its predecessors out there for decades. Before health systems were saying no to innovation because of unfounded fears regarding HIPAA, they were saying no because of unfounded fears regarding fraud and abuse, anti-kickback and Stark rules. Before then, it was something else. “Plus ca change, plus c’est la meme chose.”
I work with innovative startups and innovative health systems that are building and implementing the tools that are needed to bridge the gap between the possible and the current reality of lackluster use and leverage of health data in order improve individual and population health. It’s happening today.
Better guidance would be nice to have, but it is not a must-have.