GOLD or LEAD?

In medicine, new treatment modalities run through a series of steps before eventually (if ever) being accepted as a “standard of care.” The business world goes through similar steps before accepting a new modality as a “best practice.”
Interestingly, it seems that the two worlds may be overlapping thanks to the Federal Government. Although not strictly a “standard of care”, HIPAA is the mandated standard for maintenance of medical record privacy. Recent court cases have explored the limits of HIPAA’s use as a defensive tool, as well as an offensive tool where medical record privacy issues are concerned (see “For Every HIPAA Yin, a HIPAA Yang” and “Clapper v. Amnesty International”). Now it seems plausible that HIPAA’s utility may not stop once one crosses the line from the world of medical record privacy to the world at large.
Our company has had discussions regarding use of compliance with HIPAA Security and Privacy Rules as a competitive advantage in other industries such as telecommunications and finance, where privacy concerns are growing in the wake of recent news items. Could it be that companies may one day tout their “ability” to protect one’s personal information on a level equal to the standards set by HIPAA for Protected Health Information? Could it be that HIPAA standards will facilitate use of government agencies to protect against government intrusion? The debate opened by this possible use of HIPAA standards as a best practice outside of healthcare is intriguing, and it represents the steps necessary for deciding if it can be a best practice. We may be looking at the next gold standard…or the next batch of lead. Either way, we may just be seeing the beginning of the debate.