Does your IT contract violate HIPAA?

October 1, 2007

It may be worth checking. Internist Paul Tang, vice president and chief medical information officer of the multispecialty group practice Palo Alto (Calif.) Medical Foundation, says he's seen contracts from electronic and personal health-record vendors that obligate physicians to violate the federal health-care privacy rules under the Health Insurance Portability and Accountability Act.

It may be worth checking. Internist Paul Tang, vice president and chief medical information officer of the multispecialty group practice Palo Alto (Calif.) Medical Foundation, says he's seen contracts from electronic and personal health-record vendors that obligate physicians to violate the federal health-care privacy rules under the Health Insurance Portability and Accountability Act.

While such language is not the standard, Tang told Modern Healthcare (7/23/2007), "There are contracts that say they (the vendors) will have real-time access to the database, that they will have exclusive access to the data, that they can resell the data. I think it would be unlawful that covered entities abide by that."

Robert Gellman, an attorney specializing in privacy issues, agrees: "Any contract that deals with ownership of medical data is pretty meaningless, because laws and medical ethics control the rights and responsibilities of medical records."