What Happens to Data, Systems If Obamacare Is Repealed?
If President-elect Donald Trump fulfills a campaign promise of repealing Obamacare – which could result in the dismantling of HealthCare.gov and state health insurance exchanges – great caution will be needed to protect the data of millions of consumers contained in those systems.
… If health insurance exchange systems will no longer need to store PHI, “the data needs to be wiped in a manner that complies with HIPAA requirements for media reuse and disposal,” notes Keith Fricke, partner and principal consultant at tw-Security.
But even before systems are potentially dismantled, data needs to be protected during in-between stages of discontinued operations, he notes. “Take the systems offline and restrict physical and electronic access until the data are properly disposed of,” he suggests.
Even when covered entities or BAs go out of business, Fricke notes, “organizations are still obligated to protect the patient data while in their custody; therefore, all required administrative, physical and technical controls are still in play. Also, contract language for any parties involved should have language addressing termination of relationship and agreed-upon actions to be taken to dispose of data.”