A Currently National Privacy Regulation in the U.S. – and Upcoming Plans to Improve It

By Anonymous | March 2, 2022

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the interactions between healthcare patients and healthcare providers (doctors, hospitals, etc.), and contains an important provision on patient privacy referred to as “The Privacy Rule.” The Department of Health and Human Services describes this rule as follows:

The Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization. The Rule also gives individuals rights over their protected health information, including rights to examine and obtain a copy of their health records, to direct a covered entity to transmit to a third party an electronic copy of their protected health information in an electronic health record, and to request corrections.

Rather than follow Europe’s approach of regulating privacy holistically through an act such as the General Data Protection Regulation (GDPR), the United States’ privacy regulatory landscape operates on a patchwork of regulations like the California Consumer Privacy Act (CCPA). In that sense, HIPAA stands as a notable exception to U.S. regulatory norms concerning privacy.

With the advent of digital health – an area of growth for the U.S. health industry, particularly as a result of the COVID-19 pandemic – at least one HIPAA blind spot has emerged. HIPAA does not currently regulate digital health companies’ ability to collect and utilize consumer health data. But that could change as a result of a new bipartisan Congressional bill, the Health Data Use and Privacy Commission Act. Sponsored by Bill Cassidy (R-LA) and Tammy Baldwin (D-WI), the bill would create a commission that would advise both Congress and President Joe Biden on how to modernize current health privacy laws. The commission would focus on “issues relating to the protection of individual privacy and the appropriate balance to be achieved between protecting individual privacy and allowing appropriate uses of personal health information” (Morgan Lewis).

Improvements to HIPAA could help address patient privacy concerns across a number of dimensions. Using legal scholar Daniel Solove’s Taxonomy of Privacy, it might appear as though privacy issues would emerge for digital health offerings during the collection of patient data. But Eric Wicklund indicates in HealthLeaders Online that such offerings “opened the door to new ways that such data can be misused”; in that sense, under the terms of Solove’s framework, information processing and dissemination pose greater risks to patients under the current iteration of HIPAA. It is not difficult to imagine how identification of individuals or breaches of confidentiality can occur for a given health consumer in this landscape.

The probability that this bill passes Congress is unclear. Ultimately, should this bill be passed, consumers will likely be in a better position to enjoy the technical innovations and tantalizing potential benefits that digital health applications and other modern healthcare ventures have to offer, without having to sacrifice an undue level of personal privacy in return. As Helen Nissenbaum puts it in “A Contextual Approach to Privacy Online,” “contexts, not political economy, should determine constraints on the flow of information.” Because digital health applications are assuming a role similar to that of a doctor in society, they should be regulated under the same principles and penalties as doctors have been under HIPAA.

References
HIPAA explained. HIPAA Journal. (2021, June 14). Retrieved February 27, 2022, from https://www.hipaajournal.com/hipaa-explained/
Nissenbaum, H., A Contextual Approach to Privacy Online (2011). Daedalus 140 (4), Fall 2011: 32-48, Available at SSRN: https://ssrn.com/abstract=2567042
Office for Civil Rights. (2021, December 7). The HIPAA Privacy Rule. HHS.gov. Retrieved February 27, 2022, from https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
Solove, D. A Taxonomy of Privacy. University of Pennsylvania Law Review, Vol. 154, No. 3, p. 477, January 2006, GWU Law School Public Law Research Paper No. 129, Available at SSRN: https://ssrn.com/abstract=667622
Swanson, S., & Hirsch, R. (n.d.). New legislation aims to upgrade HIPAA to account for new healthcare technologies. Health Law Scan, Morgan Lewis. Retrieved February 27, 2022, from https://www.morganlewis.com/blogs/healthlawscan/2022/02/new-legislation-aims-to-upgrade-hipaa-to-account-for-new-healthcare-technologies
Wicklund, E. (n.d.). New bill would update HIPAA to address new technology. HealthLeaders Media. Retrieved February 27, 2022, from https://www.healthleadersmedia.com/technology/new-bill-would-update-hipaa-address-new-technology