HIPAA Snuffs Out Innovation. Lives Next?

Over the weekend, I ran into a story about medical regulations that reminded me strongly of another, a couple of years ago, about Google being frightened away from branching out into medicine by an overwhelmingly hostile regulatory regime.

In "A Stark Lesson in the Crushing Economic Impacts of Government Regulation," software consultant Burt Walker discusses the problems potential innovators in medical software face due to Health Insurance Portability and Accountability Act (HIPAA) requirements:

I occasionally work as an independent software project manager, working on behalf of clients needing software and acting as their advocate with whomever they choose to develop their products. Recently, I worked for a family practice physician. He had a terrific idea for a mobile application that would not only help him and others in his profession, but it would also provide a better experience for their patients. My job was to develop the specifications for the project and to help him in finding the best developers, then guide him through the completion of the project. It turned out to be one of the most stupefying experiences in my professional life. After completing my assessment of the HIPAA requirements, I concluded the length of time to complete the project would triple, the cost for developing and operating it would quadruple, and the business case was all but destroyed. All of this due exclusively to HIPAA. [bold added]

Walker spares us the regulatory "mumbo jumbo" -- his term, though I might have used it myself -- and yet quite convincingly conveys its impact. Here's a sample from the rest of his piece:

There are other barriers too. If someone develops a product they believe to be compliant, but it turns out later not to be, they are subject to enormous fines -- I'm talking put doctors out of business and into bankruptcy kind of fines. The feds have "enforcers" anxiously awaiting the opportunity to find these hidden jewels in practices and hospitals everywhere. And to make matters worse, there is no way to get a product certified. That's right, a software developer has to hire teams of lawyers to file through gobs of government regulations to make sure their product meets the requirements.

What is the result of this cartoonish nightmare? Entrepreneurs and innovators everywhere avoid entering the field of health care. The sad part is that the goals of the Security Rule could easily be accomplished without all the unnecessary bureaucratic nonsense. I honestly believe I could write an adequate specification for the HIPAA Security Rule on a single page, using a large font size with triple spacing and still have a half a page left empty... [emphasis in original]

Although Walker never challenges the legitimacy of government regulation, his piece may yet cause many readers to be receptive to such a question. I recommend reading the whole thing, and passing the word. Walker is right to speculate that lives may yet hang in the balance as a direct result of these requirements.

-- CAV