HIPAA and data sharing: Rethinking both for the Digital Age

Ironically, HIPAA was written at a time when most providers were on paper charts and submitting paper claims. It established a framework for protecting patient information and focused heavily on the way providers shared patient information. The subsequent HITECH (Health Information for Economic and Clinical Health) Act of 2009 focused on the promotion of electronic medical records and “meaningful use” in the health information technology sector. The most meaningful development related to security in EHRs has been the formation of the Health Information Trust (HITRUST) Alliance (2007). Simply put, HITRUST combines regulations and standards into a single overarching security framework.