Alex made several points in the article that goes to the heart of why we developed the HIPAA Web Forms API & Wordpress plugin which include:
HIPAA Creates Higher Fees
HIPAA Prevents Marketplace Innovation
HIPAA Sets the Wrong Tone for the Industry
I completely agreed with everything Alex said in the article until the very end which stated:
"Instead of opening up the delivery IP to a platform filled with third-party scientists and bio-tech startups to innovate on creating new therapeutics, the natural reaction is to keep the IP in-house or lock it up with huge licensing fees, like we've seen with CRISPR licenses.
Healthcare costs are going up, quality is going down and rolling back (or modernizing) HIPAA is the first step in breathing innovation and new life into the healthcare and pharmaceutical industries."
There's no doubt that HIPAA and similar regulations in other countries such as PIPEDA in Canada & the GDPR in the EU has stifled innovation and has prevented the healthcare industry from leveraging new technology that could and SHOULD be adding efficiency and lowering costs to nearly every aspect of healthcare.
Code Monkeys was a traditional web development agency before releasing the HIPAA Web Forms product. The reason we built our HIPAA forms solution was because our healthcare clients wanted to accept patient health information over their own websites but there simply wasn't a good solution out there to do it without building an expensive custom one-off solution. But we didn't start working on a solution the first time a client requested it, instead we did what everyone else does when faced with HIPAA and just said no.
We said no without even considering if we could or couldn't realistically build a solution, we said no because we didn't want to take on the perceived risk that comes along with HIPAA. The very mention of the word HIPAA makes developers like us cringe and immediately makes us think of lawsuits and government fines. Why would anyone want to take on a risk like that?
It wasn't until another web design agency we worked with reached out to us that was considering niching down to the healthcare industry but wanted to see if we could build a HIPAA compliant form solution that we actually took a real look at if we could or not. Of course my first immediate reaction was "no", but considering how often this issue seemed to come up I started getting curious on what it would take to actually build a solution.
Even then we didn't decide to actually build it. I did do some initial research into what it would take and while it looked like a massive undertaking it did seem doable, but the web design agency decided not to go the direction they were considering and I still wasn't sold on the idea of actually taking on HIPAA so we left it alone.
It wasn't until another web design agency we worked with sent us a couple of dental website builds that again requested a way to accept health information over their website a month or two later that we took a serious look at actually building a solution. This was just being requested too often and my earlier research seemed promising so we finally jumped into it.
The point I'm trying to make here is that Alex was absolutely correct in saying HIPAA has stifled innovation in the healthcare industry and we're guilty just like everyone else of letting HIPAA scare us away from building a solution to do something as seemingly simple as letting someone submit a form on a website, something that has been insanely simple to do for over 20 years now for non-healthcare related websites but something that has been an incredibly tough nut to crack because of HIPAA.
Where I disagree with Alex is in his proposed solution of eliminating or relaxing HIPAA regulations.
HIPAA & PIPEDA aren't going anywhere any time soon and if the EU is any indication of where the trend is going then the regulations will only continue to get tighter, not looser. I think Alex's proposed solution is just wishful thinking and honestly your private health information SHOULD be protected and secured.
While Alex is also correct in stating that the trend from platform developers had been to lock up the IP and charge extremely high licensing fees, that trend is changing.
What has made our HIPAA Web Forms API & Wordpress plugin successful is the fact that we ourselves took the opposite approach. We purposely built a solution that even the smallest clinics and pharmacies could afford and implement on a free open source platform like Wordpress. In fact we're about to go one step further and within the next couple of weeks release a completely free version of our web forms product for the smallest healthcare providers and healthcare related startups.
While our product today is just a simple way to accept E-PHI over a website, we have a lot of new things currently in development and scheduled to be released over the next year that we believe is going to further shift that paradigm.
The solution is not to get rid of HIPPA like Alex suggests, the solution is finding ways to innovate around and with HIPAA.
We started with a simple flexible way to pass HIPAA compliant data because HIPAA was the main barrier to innovation, with that barrier knocked down we're now able to innovate freely.