Global Edition
Privacy & Security

Consumer Technology Association publishes new health data privacy guidelines

The voluntary recommendations from the industry group, which aim to build consumer trust in companies that handle health and wellness data, are meant to supplement, not supplant, existing legal requirements, says CTA.
By Mike Miliard
September 12, 2019
03:39 PM

Companies that handle consumer health and wellness data have a new set of industry-developed privacy guidelines with which to consult.

WHY IT MATTERS
The voluntary guidelines, drafted by members of the Consumer Technology Association, are meant as a baseline framework to help promote consumer trust in tech companies that handle personal health and wellness data.

The recommendations, which allow for flexibility on how companies can implement them, suggest that vendors be as open and transparent as possible about the personal health information they collect and why, and think carefully about how they put that data to use.

The guidelines also suggest that companies make it easier for consumers to access and control the sharing of their health information, and give them convenient means to do so. They should also build robust security protections into their technology, says CTA, and be accountable for their promises and practices.

The CTA Privacy Principles, developed with input from companies such as Doctor on Demand, Embleema, Humetrix, IBM and Validic, are based around privacy concepts currently present and developing in U.S. law, according to CTA.

They're meant to supplement the applicable legal requirements and regimes with which companies need to comply, say association officials, not to supplant them.

"CTA’s Privacy Principles give health care companies the guidelines for protecting consumer data and maintaining consumer trust," said Drew Schiller, CEO of Validic and vice chairman of CTA's Health and Fitness Technology Division, in a statement. "This is vitally important not only as an individual company but as an industry."

THE LARGER TREND
First developed in 2015, an initial set of principles was developed by CTA in response to tangible privacy risks and to learn more about consumer preferences for their health data.

These new guidelines have been expanded, according to the industry group. Beyond data generated from wearables, the new list of voluntary guidelines cover the collection, use and sharing of any data from personal health and wellness devices, apps, websites and more.

But the fact that the rules are voluntary, and meant to complement existing privacy regulations, is an important one. The area of personal health data is one that's fast evolving, especially given the imperative — driven by recent proposed rules from CMS and ONC — for greater consumer empowerment and wider sharing of device data. 

Suffice it to say, more state and federal regs for consumer health companies will be forthcoming.

We spoke recently with Deven McGraw, general counsel and chief regulatory officer for consumer health tech startup Ciitizen and former chief privacy officer at ONC, and Vince Kuraitis, whose consultancy, Better Health Technologies, has been especially focused recently on emerging data-driven business models, about some of the challenges of the existing health data privacy landscape.

"The yin-yang approach to privacy and data use has been around for as long as we've had privacy law," said McGraw. "But it has become more salient now."

She added: "You can't resolve this without some sort of legislative activity."

But Kuraitis said that's a prospect that many companies may be starting to welcome.

"What's changed here is that you now see even the large tech companies saying, 'Give us regulations,'" said Kuraitis. "They have fears of a lack of harmonization of guidelines and regulations, at an international level with what's going on in Europe, and they're also fearful of 50 states adopting for 50 different sets of privacy laws."

In the meantime, the mere fact that companies such as CTA's members are thinking so in-depth about the implications of their data policies is a clear sign that they recognize consumers are more savvy and empowered about how their data is put to work than they once were.

ON THE RECORD
"These privacy guidelines, developed with consensus among industry stakeholders, will help give both individuals and companies the confidence to invest in innovative technologies which will improve health," said Gary Shapiro, president and CEO of CTA, in a statement. "The CTA Privacy Principles demonstrate that health tech companies understand they must be trusted stewards of patient data."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a publication of HIMSS Media.

Topics: 
Data Warehousing, Government & Policy, Medical Devices, Mobile, Privacy & Security

More regional news

A doctor in scrubs reviewing a patient's record on a digital tablet

$14M more for EMR implementation in Victoria and more briefs

By
Adam Ang
November 24, 2024
Clinician in scrubs at a hospital computer

CommonSpirit partners up with U of U for clinical collaboration

By
Andrea Fox
November 22, 2024
Stethoscope on an iPad

HIMSSCast: Care provider or tool? When and why patients like AI

By
Andrea Fox
November 22, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

ASTP intros 2024 draft Federal FHIR Action Plan
VA must strengthen controls addressing EHR performance
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM
HHS investing $75 million in rural healthcare infrastructure
GPs cry My Health Record 'overhaul' and more briefs

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive

More Stories

Dr. Mehmet Oz
Trump picks Dr. Mehmet Oz to head CMS
Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve