Senior Communications Manager
Kirk Nahra Discusses HIPAA and Data Sharing for Health Care Research
Kirk J. Nahra, chair of Wiley Rein’s Privacy & Cybersecurity Practice, was quoted in an September 22 Bloomberg BNA article regarding the role that health data privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) may play in deterring health care organizations from sharing data for research, and the possibility of new regulation to address the issue. Deven McGraw, Deputy Director of Health Information Privacy in the Health and Human Services Office for Civil Rights (OCR), believes that current data privacy rules have discouraged organizations from sharing patient data for meaningful research. He suggested that a new regulatory framework could be considered.
‘‘HIPAA is generally a permissive set of rules,’’ Mr. Nahra said, noting that OCR allows health data to be used for myriad purposes. ‘‘It gives situations where covered entities are allowed to disclose. It seldom makes them disclose.’’
While changing regulations to incentivize disclosure of health information could benefit researchers, it’s a complex area to navigate. In a perfect world, it would be ideal if researchers had access to every piece of data, according to Mr. Nahra. ‘‘There’s no question that’s a desirable goal. But in order to get there, you’ve got a whole bunch of other things you’ve got to get through, and it’s not just an incentives issue,’’ Mr. Nahra said.
According to Mr. Nahra, lawmakers need to weigh the importance of safeguarding patient privacy against the potential value of using sensitive data for medical research. If lawmakers believe the value of data-sharing is strong enough, new regulations could be passed. ‘‘You can make that judgment and that would result in very different data sharing, but that’s not the judgment we have right now.’’