The bipartisan Health Data Use and Privacy Commission Act has been introduced to bring HIPAA and health data privacy laws into the modern age and ensure that the use of emerging technologies does not put health data at risk.
HIPAA was signed into law in 1996 at a time when healthcare providers were recording patient information manually on paper and charts. HIPAA transformed the healthcare sector and helped to improve efficiency and eliminate waste, with the additions of the HIPAA Privacy and Security Rules helping to ensure safeguards were implemented to ensure the privacy and security of healthcare data.
It has been more than 25 years since HIPAA was signed into law and a great deal has changed. While the HIPAA text was written in a way that made it technology agnostic, there are currently privacy and security gaps related to the use of emerging technologies, such as third-party health applications and connected devices, that could not have been envisaged over a quarter of a century ago.
To help address the privacy and security gaps, U.S. Senators Tammy Baldwin (D-WI) and Bill Cassidy (R-LA) introduced the Health Data Use and Privacy Commission Act. The main purpose of the Health Data Use and Privacy Commission Act is “to begin the process of modernizing our outdated health privacy laws and regulations.”
While HIPAA protects interactions between patients and their healthcare providers, the legislation does not adequately cover healthcare data on emerging technologies such as smartphones and smartwatches. The Senators feel the increase in technology companies in healthcare and the use of their technologies for receiving, storing, transmitting, and sharing healthcare data are putting sensitive health data at risk.
“As a doctor, the potential of new technology to improve patient care seems limitless. But Americans must be able to trust that their personal health data is protected if this technology can meet its full potential,” said Dr. Cassidy. “HIPAA must be updated for the modern day. This legislation starts this process on a pathway to make sure it is done right.”
One of the requirements of the Health Data Use and Privacy Commission Act is to form a commission to conduct research on how to modernize health data and privacy laws to ensure patient privacy and trust but to also balance any regulatory changes with the needs of doctors, who must have easily accessible information to allow them to provide care.
The commission will be responsible for conducting a comprehensive review and comparison of current measures to protect healthcare data at the state and federal level, and the current practices of the healthcare, insurance, financial services, consumer electronics, advertising, and other industries for using healthcare data.
The commission will then make recommendations to Congress on aspects of current regulations that could be modernized and how any proposed changes could be implemented. The commission will include 17 members to be appointed by the Comptroller General, and after all members are appointed, the commission will be required to submit its recommendations to Congress within 6 months.
Specifically, the recommendations and conclusions of the commission will cover:
- Threats to individual health privacy and legitimate business and policy interests
- When sharing health information is appropriate and beneficial to Americans
- Threat to health outcomes and costs from stringent privacy rules
- Whether further federal legislation is necessary and proposals on potential reforms
- An analysis of the burdens additional regulations will place on healthcare organizations and the potential for unintended consequences in other policy areas
- An analysis of the costs of any regulatory changes
- Recommendations for non-legislative solutions
- A review of the effectiveness and utility of third-party statements of privacy principles and private sector self-regulatory efforts, and third-party certification and accreditation programs for ensuring compliance with privacy requirements.
“Folks across Wisconsin and the country are rightfully concerned about the security of their personal information, especially individual health care data, and it is time to give Americans better protection over these records,” said Senator Baldwin. “I am excited to introduce the bipartisan Health Data Use and Privacy Commission Act to help inform how we can modernize health care privacy laws and regulations to give Americans peace of mind that their personal health information is safe, while ensuring that we have the tools we need to advance high-quality care.”