Author(s)
James C. Cooper and Daniel Gilman
Source
Michigan Telecommunications and Technology Law Review, Vol. 16, No. 2, 2010
Summary
This paper explores policy trade-offs between health information technology and regulation of privacy & data security.
Policy Relevance
This paper focuses on one species of regulatory costs that may be especially amenable to reform – those imposed by privacy and data security regulations.
Main Points
- Barriers to health information technology (HIT) development and adoption have been complex, including not just misaligned payment incentives – addressed by the ARRA – but significant implementation issues, risk, “cultural” barriers to adoption, standard-setting issues, network externalities, and regulatory costs.
- The expected tangible privacy harms related to HIT are less stark than some believe.
- Data security may be a more efficient substitute for many consent and breach notification requirements.
- The express preemption of state law in the field is examined as a potentially efficient response to the substantial costs associated with state regulation of medical privacy.
*Full title: "There is a Time to Keep Silent and a Time to Speak, the Hard Part is Knowing Which is Which: Striking the Balance between Privacy Protection and the Flow of Health Care Information"
