Senators intro bipartisan effort toward modernizing health privacy laws

Teladoc Health, IBM, Epic and athenahealth all signed on to support the proposed legislation.
By Kat Jercich
11:27 AM

Bill Cassidy, Gage Skidmore/Flickr, licensed under CC BY-SA 2.0

Senators Tammy Baldwin, D-Wis., and Bill Cassidy, R-La., introduced the Health Data Use and Privacy Commission Act this week, aimed at starting the process of modernizing health data use and privacy policies.

The legislation, supported by several industry representatives including athenahealth, Epic, IBM and Teladoc Health, would establish a commission tasked with providing recommendations to Congress about updates to health information privacy laws.  

"As a doctor, the potential of new technology to improve patient care seems limitless. But Americans must be able to trust that their personal health data is protected if this technology can meet its full potential," Dr. Cassidy said in a statement.   

WHY IT MATTERS  

Broadly popular technologies such as apps and wearables were barely conceivable at the time of the Health Insurance Portability and Accountability Act's passage in 1996.  

As the senators noted in press statements, at more than 25 years old, HIPAA covers patient-doctor interactions but does not typically protect health data patients record on those tools – potentially putting the information at risk.  

"HIPAA must be updated for the modern day. This legislation starts this process on a pathway to make sure it is done right," said Cassidy.  

The commission established by the act's passage would be responsible for reviewing and comparing existing protections for personal health information at the state and federal level, along with current health data uses in a variety of industries.  

The commission is also charged with drafting recommendations and conclusions for Congress about the following: 

  • The potential threats posed to individual health privacy and legitimate business and policy interests. 
  • When sharing health information is appropriate and beneficial for consumers, and the consequences of too-stringent privacy rules. 
  • The effectiveness of existing statutes, regulations, private-sector self-regulatory efforts, technology advances and market forces in protecting individual health privacy.
  • Recommendations on whether federal legislation is necessary, and if so, specific suggestions on how to do so.
  • Analysis of whether additional regulations may impose costs or burdens, or cause unintended consequences in other policy areas.
  • The cost analysis of legislative or regulatory changes proposed in the report. 
  • Recommendations on non-legislative solutions to individual health privacy concerns.
  • Review of the effectiveness and utility of third-party statements of privacy principles and private-sector self-regulatory efforts.  

Several health organizations cheered the bill, saying the commission would provide useful perspectives in privacy debates.  

"This issue is far too important to the functioning of our healthcare system and the trust of patients to get wrong, and we appreciate your thoughtful legislation to help get these policies right," read a letter signed by the American College of Cardiology, the Association for Behavioral Health and Wellness, the Association of Clinical Research Organizations, Executives for Health Innovation, Federation of American Hospitals, the Health Innovation Alliance, the National Multiple Sclerosis Society and the United Spinal Association, along with a handful of health IT vendors.  

THE LARGER TREND  

The federal government has taken steps to align privacy policies with the boom in health technologies. 

This past September, the U.S. Federal Trade Commission issued a policy statement this week confirming that connected devices and health apps that use or collect consumers' health information must notify users and others when that data is breached – with potential penalties of up to $43,792 per day.  

And the U.S. Department of Health and Human Services has leaned on its own compliance mechanisms, bringing million-dollar fines against organizations to settle potential HIPAA violations following data breaches.  

ON THE RECORD  

"Folks across Wisconsin and the country are rightfully concerned about the security of their personal information, especially individual healthcare data, and it is time to give Americans better protection over these records," Baldwin said in a statement.  

"I am excited to introduce the bipartisan Health Data Use and Privacy Commission Act to help inform how we can modernize healthcare privacy laws and regulations to give Americans peace of mind that their personal health information is safe, while ensuring that we have the tools we need to advance high-quality care," she continued.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.