http://tcummins.wordpress.com/2008/07/11/are-rules-destroying-value/ Managing Relationships in the Global Networked Economy Mon, 02 Nov 2009 21:48:49 +0000 http://wordpress.com/ hourly 1 http://tcummins.wordpress.com/2008/07/11/are-rules-destroying-value/#comment-400 Over complicating things is a bad idea | AccMan Wed, 06 Aug 2008 01:33:23 +0000 http://tcummins.wordpress.com/?p=69#comment-400 [...] an interesting topic and the original post by Tim Cummins raises useful points, especially when dealing with US organizations. It plays directly to the [...] [...] an interesting topic and the original post by Tim Cummins raises useful points, especially when dealing with US organizations. It plays directly to the [...]

]]> http://tcummins.wordpress.com/2008/07/11/are-rules-destroying-value/#comment-397 Jason Mark Anderman Mon, 28 Jul 2008 04:01:41 +0000 http://tcummins.wordpress.com/?p=69#comment-397 Perhaps a good example of the problem noted in this posting is the HIPAA business associate contract. This is a contract required under the HIPAA Privacy Rule ("Rule") adopted by the U.S. Department of Health and Human Services ("HHS"). All health care providers covered by HIPAA, as well as health plans and health care clearinghouses, must force any third party service provider accessing a patient's health data to sign this contract, which includes provisions protecting the privacy of the patient. While an interesting debate could be held as to whether this contracting requirement should exist in the first place, assuming the requirement is appropriate, its implementation has resulted in a tremendous waste of resources. The Rule describes the clauses that must be included in the contract, but allows covered entities to write those clauses as they see fit. As a result, soon after the Rule came into force, covered entities and service providers confronted each other with a dizzying variety of clauses which led to long debates and negotiations as to whose incarnation best reflected the Rule. Even worse, HHS then proposed a sample contract which itself did not match the exact language of the Rule. Ultimately, many lawyers in the health care, health insurance, pharmaceutical and medical device industries have spent countless hours negotiating these contracts. This is time that could have been much better spent elsewhere, and HHS could have prevented all of this waste quite simply by just mandating that everyone sign the HHS sample contract, which is more or less palatable to all parties. In sum, the HIPAA business associate contract offers a tale of a regulation out of balance with the needs of those whom HHS regulates. More importantly, the collateral cost of time and legal expense to comply with this requirement is a good example of how such a financial drain limits choices we can make with our limited dollars, thereby constraining our freedoms. Perhaps a good example of the problem noted in this posting is the HIPAA business associate contract. This is a contract required under the HIPAA Privacy Rule (“Rule”) adopted by the U.S. Department of Health and Human Services (“HHS”). All health care providers covered by HIPAA, as well as health plans and health care clearinghouses, must force any third party service provider accessing a patient’s health data to sign this contract, which includes provisions protecting the privacy of the patient. While an interesting debate could be held as to whether this contracting requirement should exist in the first place, assuming the requirement is appropriate, its implementation has resulted in a tremendous waste of resources. The Rule describes the clauses that must be included in the contract, but allows covered entities to write those clauses as they see fit. As a result, soon after the Rule came into force, covered entities and service providers confronted each other with a dizzying variety of clauses which led to long debates and negotiations as to whose incarnation best reflected the Rule. Even worse, HHS then proposed a sample contract which itself did not match the exact language of the Rule. Ultimately, many lawyers in the health care, health insurance, pharmaceutical and medical device industries have spent countless hours negotiating these contracts. This is time that could have been much better spent elsewhere, and HHS could have prevented all of this waste quite simply by just mandating that everyone sign the HHS sample contract, which is more or less palatable to all parties. In sum, the HIPAA business associate contract offers a tale of a regulation out of balance with the needs of those whom HHS regulates. More importantly, the collateral cost of time and legal expense to comply with this requirement is a good example of how such a financial drain limits choices we can make with our limited dollars, thereby constraining our freedoms.

]]>