Mining individually-identifiable information could constitute a breach if the analysis falls outside HIPAA's scope. What's not clear: whether using patient data to improve products, as opposed to health outcomes, is allowed under the law.
While the omnibus HIPAA rule includes language that expands the type and number of entities falling under the business associate umbrella, it is not yet clear whether industry practice has kept pace.
What with the scope of PHI potentially subjected to industrial-strength data mining broader than ever, HIPAA is merely a start for healthcare organizations. Here's a look at more tactics.
