Search This Blog

Tuesday, August 2, 2011

What is ANSI 5010?

ANSI 5010 is the new version of HIPAA transaction standards that regulates the electronic transmission of health care transactions.The 5010 standards will replace the existing 4010/4010A1 version of HIPAA. The ability to mine data becomes much easier when the data is electronic. The secondary use of data under the new HIPAA deidentification rules raises several ethical considerations, with privacy being at the top of the list. The new HIPPA law sets standards for the deidentification of personal health care records in a way that there is no legal reason for permission to be obtained from the patient.

The fact is that there is a huge market for identifiable data. There are numerous computer science studies have been able to tie "unidentifiable data" back to individuals. Personal health information under the new HIPAA law is unique enough to eliminate only 87% of the U.S. population. Couple that with with drill down to other public record data sources personal health records where easily and readily tied back to the individual. In one study conducted in the late 1990s by Latanya Sweeny, a computer science professor at Carnegie Mellon University, was able to pin unidentified health information back to William Weld the governor of Massachusetts.

A similar study was conducted by two University of Texas at Austin scientist in relation to deidentified information and it was determined that this information could in fact be reidentified. The study was discontinued after reaching an agreement with Federal Trade Commission investigators. Now if that doesn't send chills down your spine I don't know what will. The unauthorized release of personal health care information is a very big and very real risk under the new HIPAA deidentification guidelines. The key question is who determines accessibility and who makes the decision for what this information will be used for?
I appreciate feedback from my readers feel free to comment on any issues that may concern you.

1 comment:

  1. Very interesting information and insight. I agree with your concern regarding privacy and de-identification practices that exist today. Look at the recent security breaches for credit card companies, it will be just as easy to have this occur in healthcare. With this, I also recognize the potential benefits of EHRs, especially when they enable medical professionals get the most integrated, high quality care regardless of sociology-economic status or geographic location. They can truly begin transforming healthcare delivery and access. Fundamental change within healthcare information exchange will no doubt demand caution.