HIPAA and data sharing: Rethinking both for the Digital Age

HIPAA, the healthcare information protection framework, needs improvement in several areas. The Health Information Trust (HITRUST) Alliance should be incorporated into the HIPAA guidelines for improved security. Organized Health Care Arrangements (OCHAs) need better explanation and registration requirements. The need for patients to sign receipts of notice of privacy practice could be eliminated. The breach reporting portal of the Office of Civil Rights needs improvement and the threshold for reporting breaches should be reconsidered. Business associate agreements should be clarified and not required between healthcare providers.