Ram D. Gopal
Context: Frequent data breaches in the US health care system undermine the privacy of millions of patients every year. A large number of such breaches happen among business associates of health care providers, and these associates continue to gain unprecedented access to patients’ data as the US health care system becomes digitally integrated. The Omnibus Rules of the Health Insurance Portability and Accountability Act (HIPAA), which were enacted in 2013, significantly increased the regulatory oversight and privacy protection requirements of business associates. The objective of this study is to empirically examine the effects of this shift in policy on the frequency of medical privacy breaches among business associates in the US health care system. The findings of this research shed light on how regulatory efforts can protect patients’ privacy.
Methods: Using publicly available data on breach incidents between October 2009 and August 2017 as reported by the Office for Civil Rights (OCR), we conducted an interrupted time-series analysis and a difference-in-differences analysis to examine the immediate and long-term effects of implementation of HIPAA omnibus rules on the frequency of medical privacy breaches.
Findings: We show that implementation of the omnibus rules led to a significant reduction in the number of breaches among business associates and prevented 180 privacy breaches from happening, which could have affected nearly 18 million Americans.
Conclusions: Implementation of HIPAA omnibus rules may have been a successful federal policy in enhancing privacy protection efforts and reducing the number of breach incidents in the US health care system.
Keywords: Health Insurance Portability and Accountability Act, patient privacy.
Volume 96, Issue 1 (pages 144-166) DOI: 10.1111/1468-0009.12314 Published in 2018
The Milbank Quarterly’s multidisciplinary approach and commitment to applying the best empirical research to practical policymaking offers in-depth assessments of the social, economic, historical, legal, and ethical dimensions of health and health care policy.