Last week at HIMSS, ONC Chief Privacy Officer Lucia Savage talked about what HIPAA doesn’t say. On Thursday, her predecessor, former ONC privacy chief Joy Pritts, talked about what HIPAA doesn’t cover. Pritts, now a consultant, was joined by Morgan Reed, the executive director of ACT The App Association, in a talk about pitfalls providers can fall into when it comes to patient data privacy.
“If I go online and I fill out a health risk assessment just on my own — I think, this is a cool thing to do, I’m gonna check it out — that’s not covered by HIPAA, and what that company does with that data is not subject to HIPAA privacy rules,” Pritts said. “So you go to almost the same website but they have another page and that page is being offered on behalf of a covered entity, that’s covered by HIPAA. And it can be difficult for companies to know when they’re crossing that line.”Read More On mobihealthnews.com