Datica Blog

HIPAA Legislation is in The House

Kris Gösser

Chief Marketing Officer

June 2, 2015   HIPAA Company

As of May 21, 2015, the House Committee on Energy and Commerce has officially pushed forward the bill calling for the Secretary of Health and Human Services to “revise and clarify” the HIPAA Privacy Rule’s contingencies on the application and release of PHI (protected health information) for research purposes. Next, the legislation is on its way to meet the full House of Representatives. We wanted to use our expertise in the situation to briefly explain what this means for digital health companies.

Under present HIPAA Privacy Rule standards, PHI can be used and shared by covered entities for healthcare payment, treatment, and operations without the need for patient consent. But if this legislation is to be passed, patient authorization will not be needed for the disclosure of PHI for research intents as well if business associates or covered entities are involved. This modern provision aims to accelerate the rate of research, which could lead to breakthroughs in modern medicine, devices, and treatments by removing previous hindrances. But there are those in opposition to these HIPAA proposals voicing their concern for the relaxed direction and feel this could pose concerning patient data.

You may be wondering why these privacy advocates are fighting so passionately since furthering research is generally a desired notion. But looking further into the bill sheds light on these actions. Upon review, one can find the promotion for advancements in precision medicine (personalized medicine) which will incontrovertibly require highly personalized, hypersensitive, and identifiable data, which many patients will likely want sovereignty over. An alternative being considered is to make revisions to the bill outlining guidelines that call for de-identification requirements so individuals will not be able to contacted or identified.

Another provision made in this legislation requests for the penalizing of vendors who fail to meet requirements for secure and interoperable information exchange, something our business partners at Catalyze will never have to concern themselves with. Our number one concern is compliance so that theirs doesn’t have to be.

So what next?

The bill is headed for the House of Representatives and if the House passes, the legislation will head directly to the Senate. You can expect that all implications towards these privacy provisions will be heavily scrutinized before passing into effect. Stay tuned as we stay up-to-date on next actions concerning this legislation and all things HIPAA related!


FHIR is a necessary development due to the current state of healthcare integration and interoperability and brings a better, more modern approach to ehr integrations.

Next Post

Knowing the difference between being HIPAA ready and HIPAA compliant could save you some big risks and some even bigger costs.


21st Century Cures Act Passes in the House of Representatives

Kris Gösser

Chief Marketing Officer

With the intent to lighten restrictions on the use and exposure of PHI for research, the 21st Century Cures Act was passed in 2015. Learn more about it here.

event-note July 27, 2015

4 PHI Marketing Special Cases

Kris Gösser

Chief Marketing Officer

Under the Omnibus Rule, learn about four special cases for making use of PHI in marketing efforts.

event-note May 3, 2016

If a vendor won't sign a BAA, they aren't "HIPAA-compliant"

Mohan Balachandran


HIPAA compliance isn't a sticker that you put on servers that wards off hackers and HHS. It's a dedication to doing the right thing for users and their PHI every day.

event-note January 7, 2015

3 HIPAA Omnibus Rule Essentials for IT/Security

Mohan Balachandran


In 2013, the Office of Civil Rights began enforcing a new set of regulations intending to improve patients’ access to their medical records and increase security to protected health information.

event-note October 30, 2015