The Health Insurance Portability and Accountability Act (HIPAA) does not protect the privacy of Internet users when they are engaged in the most common e-health transactions online, according to a report released this month.
"Why the new federal health privacy regulation doesn't offer much protection to Internet users," a report by the Health Privacy Project in the Institute for Health Care Research and Policy at Georgetown University, says the federal health regulation applies only to three healthcare entities:
Health Web sites not owned by one of these three entities fall outside the scope of the rule. Different rules may, therefore, apply to different Web sites offering similar services, such as second opinions or e-prescriptions.
"Even at Web sites that are owned or operated by organizations covered by the privacy regulation, it is ambiguous which activities at those sites are subject to the privacy rule," the report said.
The burden will be on consumers and Web site operators to determine which Web sites must comply with the regulation.
Until the release of HIPAA in December 2000, there were few legal limits on how health-related information collected on individuals could be used and disclosed. By focusing on electronic transactions, HIPAA attempts to give consumers confidence that health information moving across computer-based networks will be protected.
By leaving this loophole, however, HIPAA may be merely creating the illusion of legal protection, lulling consumers into a false sense of security when they engage in online health activities.
"Given the wide range of activities on the Internet and the relatively narrow scope of the regulation, it is likely that a great deal of health information collected on health Web sites will not be covered by the new regulation," the report said.
Some sites have responded to the concern about privacy and security on the Internet by establishing self-regulation. Some professional organizations and trade associations have taken preemptive measures to cut off potential federal Internet privacy regulations by developing standards and seal programs (such as TRUSTe) to address Internet privacy and security issues. But compliance is voluntary, and few if any enforcement mechanisms are in place.
"People believe they are invisible and anonymous online, but they are often exposing their most sensitive health information to online healthcare sites that are not required by law to protect the information or keep it confidential," the report said. "The potential for abuse is enormous."
The report is available online.