Category: HITRUST

Are Healthcare Privacy Protections Quietly Being Undermined?

5/1/2025

As someone who’s worked in healthcare IT for years—mainly as a consultant—HIPAA compliance isn’t a side note. It’s baked into everything: client conversations, technical roadmaps, and yes, the required annual training. Frameworks like HITRUST CSF, NIST, and COBIT aren’t just concepts—they guide the real-world systems we help clients build and secure.

But lately, I’ve noticed something unsettling: rules that were once firm are starting to feel… optional.

Are These Protections Being Ignored? Or Reinterpreted?
No, HIPAA hasn’t been repealed. But that doesn’t mean its protections are always honored.

Across the country, we’re seeing signs that long-standing patient privacy rules are being bypassed when they conflict with political priorities:

Health data used for prosecutions in states targeting reproductive care
Creation of health registries for various purposes without full transparency
Veterans’ mental health data shared across agencies in unclear ways

These aren’t alternative narratives. They’re signals that the rules we’ve relied on may not be as solid as they seem.

Legal Rules vs. Frameworks: Why the Difference Matters
We often talk about HIPAA and HITRUST in the same breath—but there’s a big difference.

Legally Binding
HIPAA, HITECH, 21st Century Cures Act

Frameworks
HITRUST CSF, NIST, COBIT (Not enforceable laws)

When laws are weakened—or simply ignored—frameworks alone can’t protect sensitive health data.

Why This Matters to Clients and Consultants
This isn’t just theory. It directly affects the work we do:

Clients may get conflicting advice: “Share this data—it’s fine.”
Internal privacy teams could be sidelined for political goals.
Trust in EHRs and portals erodes if patients learn their info is being quietly used for other purposes. This can have a cascading effect on the quality of care patients receive.

If this trend continues, we could see innovation slow, legal risk increase, and state-by-state fragmentation in data handling rules. All of this will make our job more difficult, as many of our products are, and much of our thought leadership is, built around compliance.

What Can We Do About It?
Here’s what I recommend to peers and clients:

Stick to strong frameworks like HITRUST and NIST—even when not required
Educate clients and teams on rights, risks, and ethical boundaries
Document every sensitive disclosure and exception
Support legislation that strengthens—not weakens—health privacy

Final Thought
I’m not raising this concern as an alarmist or conspiracy theorist; I don't think I am either. As an integrator and consultant, I’m speaking as someone who has lived in the trenches of healthcare IT compliance. If we let the protections slip—even slowly—it’s not just privacy that suffers, it’s trust.

Additional thoughts or experiences on this topic are greatly appreciated. I’d love to hear how others in the field are navigating the shifting landscape.

Sources

Official References & Frameworks

HIPAA for Professionals – HHS.gov

HITECH Act Overview – HealthIT.gov

HITRUST CSF – HITRUST Alliance

COBIT – ISACA.org

Recent Reporting

“States Move to Loosen Health Data Privacy in Post-Roe Landscape” – STAT News

“HIPAA Loopholes Are a Privacy Risk, Experts Warn” – KFF Health News

“OCR Ramps Up Enforcement as Data Sharing Expands” – Health IT Security

0 Comments

Under Presssure: How New Policies Could Hurt Professionals, Clients — and Trust

4/25/2025

0 Comments

In recent months, there’s been a noticeable shift in how government actions and public rhetoric are treating white-collar professionals — including doctors, professors, consultants, and implementers. The goal of many new initiatives may be fairness, but the unintended consequences could reach far beyond the professions themselves.

What’s Changing?
Several new rules and proposals suggest increasing pressure on highly skilled professionals:

Attempts to ban non-compete agreements across industries, like the FTC’s now-blocked rule (U.S. Chamber of Commerce).
Moves to reclassify independent contractors as employees, impacting consultants, freelance experts, and specialized advisors (Department of Labor Rule, 2024).
Political rhetoric criticizing credentialed professionals, fostering distrust toward fields like healthcare, academia, and consulting.

While some reform is needed, many of these efforts risk weakening industries that rely on specialized expertise — especially in critical sectors like healthcare, finance, education, and technology.

Why This Matters (More Than Just to Consultants)
The effects could be wide-reaching:

Higher Costs: If hiring independent experts becomes harder or riskier, businesses and hospitals may face higher prices for essential services.
Lower Quality and Greater Risk: Without access to flexible, skilled consultants, organizations may struggle with compliance, innovation, and managing complexity — creating openings for fraud, waste, and abuse (GAO Report).
Shrinking Expertise Pools: Professionals who value independence might exit heavily regulated fields, leaving fewer experts where they’re needed most.

These changes could ripple through the economy at a time when knowledge and adaptability are more important than ever.

How Can We Get this Right?
Instead of blanket restrictions, a smarter path would focus on:

Tailoring rules to industries: Don’t treat an industry consultant the same as a gig worker.
Protecting true independence: Allow skilled professionals the choice to work flexibly.
Supporting client needs: Recognize that many organizations depend on independent advisors to stay compliant, efficient, and innovative.

A Personal Note
As someone who works in the world of consulting and technical services, I believe strongly in ethical practice, client value, and adaptability. I’m not opposed to reform. But reforms that undermine professional independence could end up hurting not just consultants — but the industries and communities we serve. In a complex world, expertise isn’t a problem to be solved — it’s a solution we need to protect.

Sources You Can Read:

U.S. Chamber on FTC Non-Compete Ban Opposition

Department of Labor Final Rule on Contractor Classification

GAO: Risks of Reduced Expertise

Financial Times Coverage on FTC Non-Compete Ban Legal Challenge

A Quick Note on the FTC’s Non-Compete Rule
In April 2024, the FTC finalized a sweeping ban on most non-compete agreements. However, after legal challenges, enforcement of the rule was blocked by a federal court later that year — and the current administration has signaled it may not defend the rule on appeal (FT.com Report). Even so, the attempt reflected a broader trend: increasing skepticism toward independent professional models.

0 Comments

From the Field: Thoughts on Growth, Tech, Democracy & Life

Are Healthcare Privacy Protections Quietly Being Undermined?

Under Presssure: How New Policies Could Hurt Professionals, Clients — and Trust

Author

Archives

Categories