By DEVEN McGRAW and VINCE KURAITIS
This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”
In our previous post, we described the “Wild West of Unprotected Health Data.” Will the cavalry arrive to protect the vast quantities of your personal health data that are broadly unprotected from sharing and use by third parties?
Congress is seriously considering legislation to better
protect the privacy of consumers’ personal data, given the patchwork of
existing privacy protections. For the most part, the bills, while they may
cover some health data, are not focused just on health data – with one
exception: the “Protecting Personal Health Data Act” (S.1842), introduced by
Senators Klobuchar and Murkowski.
In this series, we committed to looking across all of the
various privacy bills pending in Congress and identifying trends,
commonalities, and differences in their approaches. But we think this bill,
because of its exclusive health focus, deserves its own post. Concerns about
health privacy outside of HIPAA are receiving increased attention in light of
the push for interoperability, which makes this bill both timely and
potentially worth of your attention.
HHS and ONC recently issued a Notice of Proposed Rulemaking (NPRM) to Improve the Interoperability of Health Information. This proposed rule has received over 2,000 comments, many of which raised significant issues about how the rule potentially conflicts with patient and provider needs for data privacy and security.
For example, greater interoperability with patients means that even more medical and claims data will flow outside of HIPAA to the “Wild West.” The American Medical Association noted:
“If patients access their health
data—some of which could contain family history and could be sensitive—through
a smartphone, they must have a clear understanding of the potential uses of
that data by app developers. Most patients will not be aware of who has access
to their medical information, how and why they received it, and how