Hacking HIPAA – Patient Focused Common Notice of Privacy Practices

Posted on June 27, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

How can you not be interested in an article that talks about hacking? Of course, in this case I’m talking about hacking in a much more general since. Most people think of hacking as some nefarious person compromising a system they shouldn’t be accessing. The broader use of the term hack is to create something that fixes a problem. You “hack” something together to make it work.

This is what David Harlow, Ian Eslick, and Fred Trotter had in mind when they got together to hack HIPAA. They wanted to create a HIPAA Notice of Privacy Practices (NPP) that would provide meaningful privacy choices for patients while still enabling the use of the latest technology. Far too often HIPAA as seen as an excuse for why doctors don’t use technology. However, if the NPP is set up correctly, it can enhance patient privacy while allowing use of the latest technologies in your practice.

The Hacking HIPAA team decided to leverage the power of crowdfunding to see if they could collaboratively develop a patient focused Notice of Privacy Practices. I really love the idea of a Common Notice of Privacy Practices. If you like this idea, you can help fund the Hacking HIPAA project on MedStartr.

For those not familiar with crowdfunding, imagine your healthcare organization getting $10,000 worth of legal work from one of the top healthcare lawyers for only $1000. Looked at another way, you get an updated Notice of Privacy Practices with all the latest HIPAA omnibus rules incorporated for only $1000. Call your lawyer and see if they’d be willing to provide an NPP for that price. Plus, your lawyer probably will just provide you some cookie cutter NPP they find as opposed to a well thought out NPP.

This is such a great idea. I hope that a large number of healthcare organizations get behind the project. I’d also love to see some of the HIPAA disclosure companies and EHR companies support the project as well. The NPP will have a creative commons license so those companies could help fund the project, provide feedback in the creation of the NPP and then distribute the NPP to all of their customers. What better way to build the relationship with your customers than to provide them a well thought out NPP?

If you want a little more information on how the Hacking HIPAA project came together, here’s a video of Fred Trotter talking about it. Also, be sure to read the details on the Hacking HIPAA MedStartr page.