AISHealth.com reports on a Research Triangle Institute survey of HIPAA Privacy Rule compliance commissioned by the Department of Health and Human Services’ Agency for Healthcare Research and Quality. The report finds much health care provider confusion over the minimum necessary use and disclosure provision of the Privacy Rule and its complex state law preemption provisions. The first finding is surprising because the minimum necessary rule merely requires the application of common sense. The second finding is hardly surprising because of the complexity of the rule’s preemption provisions. More information on the survey is available here from RTI. The final report with “solutions” is due in the summer. HHS is relying heavily on this process to respond to Congressional pressure to incorporate privacy and security safeguards in the National Health Information Network’s architecture. I hope they don’t throw the baby out with the bath water, particular considering how much money and human capital was invested in the HIPAA privacy rule implementation process.