Are there any novel legal approaches to the protection of personal health information?
Yes, regulations under the new statute generally will prohibit any unconsented-to sale of personal data contained in electronic records systems. Further, although previously seen in the war against financial identity theft, the recovery measure imposes a duty on health care data stewards to notify patients when their data is at risk. Oddly, the newest type of health information data steward, providers of personal health records, are not subject to either the old or the ‘improved’ HIPAA but only to the new ‘breach notification’ provision. How will this affect the legal community? Many viewed millennium year HIPAA 1.0 as an employment stimulus plan for lawyers. And lawyers involved with Institutional Review Boards and academic risk management and compliance will be working overtime. There will be no shortage of legal work when it comes to dealing with the new statutory and regulatory provisions in the health care sections of the recovery act. But, this time let us hope that is not the on
