First few Article Sentences
Somewhere deep within the labyrinth of regulations promulgated since Congress passed the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) in 2009 exists health care’s very own Kobayashi Maru. Mindful of the draconian consequences in deviating from the so-called HIPAA Privacy Rule, health care practitioners who follow these national standards to defend individual medical records and other protected health information (“PHI”) sometimes must stand down like a Star Fleet cadet forced to watch the entire crew and passengers of another vessel perish. On the other hand, those rogue clinicians who chose rescue over risk may face attack from federal and state authorities.
Governmental response to lapses in safeguarding PHI is due, in part, to algorithmic steps undertaken by malware, including exfiltration attempts between the malware and attackers’ command and control servers, not to mention the possibility of malware propagating to other systems, potentially affecting additional sources of electronic PHI (“ePHI”). While digitizing patient medical records remains a top national priority, fear of compromising confidentiality is still its greatest obstacle. To the unwitting health care provider, the choice between an investigation by the Office of Civil Rights (“OCR”) or a threat from ordinary malware may be just as devastating as an attack from a Klingon Negh ‘Var-class warship.