During the COVID-19 pandemic, HIPAA has been an even hotter topic than usual. Our guest this week, Iliana Peters, has worked on all sides of the regulation – as part of a group of investigators shoring up the HIPAA program for the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS), as senior advisor for HIPAA enforcement for HHS, as acting deputy director for data privacy and security at OCR, and now as a shareholder at the law firm Polsinelli PC, where she specializes in data privacy and security issues at the state and federal level. This week she shares her unique perspective on privacy with us, along with some fun tidbits about herself.
How HIPAA Helps Save Lives
Peters talks about how many healthcare organizations throw up their hands when the topic of data and security comes up because they don’t understand it and their facilities don’t have the resources to hire privacy professionals. Healthcare professionals see their mission as saving people’s lives and helping get patients the care they need. Peters says that when it comes down to purchasing an MRI machine to replace their 20-year-old piece of equipment or implementing advanced persistent threat detection, small rural hospitals are going to choose the MRI machine. After spending her career working with issues that affect healthcare, she feels that many healthcare professionals don’t understand the real impact that the lack of data security has on the practice of healthcare.
Patient safety includes keeping patients’ data secure
“We need to educate healthcare professionals that if they are vulnerable and have a certain type of data breach, they will lose lives. If you are not taking the right steps to protect your patients’ data, you are low-hanging fruit and will get attacked. When you do get attacked, you won’t be able to treat patients and people will die.”
-Iliana Peters, shareholder at Polsinelli
Biggest Consumer Misunderstandings about COVID-19 and HIPAA
Peters shares that during the current pandemic, many people think HIPAA applies in circumstances where it actually does not. For example, HIPAA applies if a doctor’s office, health insurance company, or billing vendor asks you for information. However, HIPAA does not apply if you go into a retail shop and are asked for testing information, or if your employer asks you for it. She explains that it’s a different story if they ask your doctor for that information: a request made to your doctor does fall under the jurisdiction of HIPAA. When someone asks a person directly and that person has the choice to share or not to share, HIPAA does not apply.
HIPAA regulates entities, not individuals
“HIPAA does not apply if you’re walking into a supermarket and they are asking you to wear a mask. HIPAA doesn’t regulate individuals – it only regulates entities, and even then only certain types of entities – not supermarkets, not employers, not retail, not social media. There is no interaction with HIPAA in these circumstances.”
-Iliana Peters, shareholder at Polsinelli
Is HIPAA Still in Effect During a Pandemic?
Peters hears many consumers say that HIPAA has been waived during a public health crisis, which she explains is an urban legend. While there are specific circumstances in which a Social Security Act waiver may apply for 72 hours at a hospital that has executed its disaster protocol, she explains that HIPAA is still in effect for doctors, for health insurance companies, and for public health authorities in many cases.
Individuals have the right to decide who their data is shared with
“We get to share what we want to share with the people that we want to share it with for certain reasons. We have the right to make that decision. Nobody has the right to come into our homes and see what we’re doing in our home, and no one has the right to come into our lives and see what our personal business is. That’s the way that I see data privacy – we all have the right to make these decisions about our lives and the information about our lives.”
-Iliana Peters, shareholder at Polsinelli
During the podcast, Peters goes in-depth about how smartphone apps have made protecting healthcare information more difficult. You will have to listen to the podcast to hear her perspective and insight, because a short summary of the discussion simply can’t do it justice. Listen to our chat to hear the entire conversation. It’s not every day you get the view of someone who has seen all sides of HIPAA.