Health IT, Policy

Chilmark analyst: ‘HIPAA must die’

Chilmark Research analyst Brian Murphy doesn’t want HIPAA to die as much as he does the complex web of federal and state healthcare regulations for privacy and security, reimbursement, nurse staffing levels, telemedicine, physician credentialing and other issues.

“HIPAA Must Die.”

Those are the provocative words of Chilmark Research analyst Brian Murphy. Actually, Murphy doesn’t want HIPAA to die as much as he does the complex web of federal and state healthcare regulations for privacy and security, reimbursement, nurse staffing levels, telemedicine, physician credentialing and other issues.

“Do we really need HIPAA and fifty different state versions of HIPAA to make patient data private and secure?” Murphy asked on the Chilmark blog (emphasis in original).

With so much consolidation in the healthcare industry in recent years, healthcare organizations increasingly are finding themselves operating across state lines, and thus, subject to a hodgepodge of rules. “The time has come for healthcare providers and other stakeholders to call for a harmonized regulatory regime for a tangle of issues in healthcare,” Murphy declared.

This idea is not without precedent. After the Great Depression, the banking industry got together and lobbied for creation of the Uniform Commercial Code. As Murphy noted:

The goal was to harmonize state laws to make banking and commerce across state lines rational and coherent.  Working from a set of rules of the road endorsed by a single, private “standards” organization, each state enacted laws that enabled interstate banking and commerce while preserving some flexibility for local conditions and requirements. This system has evolved over the years and continues to make it easy and predictable for enterprises to bank, conduct business, and generally follow the rules. Instructively for healthcare, the system also meant that the feds never needed to pass similar and competing laws.

He said this approach could work in healthcare, if only all the competing interests were able to come together and ask for it.

It wouldn’t exactly make HIPAA die, but rather turn the privacy and security regulations into more than just a baseline for 50 states, D.C. and other U.S. possessions to build their own rules from. Still, we love provocative headlines and we love when others make us think.

What do you think? Please comment below.