A bipartisan legislation introduced by the senses. Bill Cassidy, R-La., and Tammy Baldwin, D-Wis., would establish a commission to assess the current state of health data privacy and health insurance portability and accountability law in the goal of addressing long-standing technological and security challenges posed by outdated health data privacy regulations.
The Health Data Use and Privacy Commission Act reinvigorates the federal effort to modernize HIPAA, which was drafted decades before modern digital transformation in healthcare.
The legislation would establish a commission that, among other areas of research, “would provide recommendations on the need for federal legislation and, where appropriate, specific suggestions on proposals for reform, streamlining, harmonization, unification or increase in current laws and regulations relating to the individual”. health confidentiality.
Potential reforms to existing laws would consider “enforcement, pre-emption, consent, penalties for abuse, transparency and notification of privacy practices.” The commission is to include 17 members who will be appointed by the Comptroller General.
Modernizing HIPAA to Meet Digital Transformation
The bill and the commission would put health data privacy and the potential modernization of HIPAA in its sights, after a relative lull in past congressional efforts that sought similar means. Before the pandemic, it was a key federal priority with multiple health privacy laws being introduced on both sides of the aisle.
The goal is to tackle the proverbial white elephant in the room: HIPAA was written when the majority of vendors were still using paper maps and documentation, which means it doesn’t apply to health, smart technologies or other emerging technologies.
The biggest push to overhaul the outdated rule was last seen in 2019, with numerous privacy groups offering their ideas on key issues that a standard or federal privacy law privacy should address. Further updates to the rule have been proposed by stakeholder groups for more than five years.
In 2021, the Center for Democracy & Technology and the eHealth Initiative & Foundation offered their perspective for a consumer health data privacy framework focused on much-needed standards for data collection, disclosure and use consumer health issues, for which HIPAA does not apply.
The newly proposed bill would assess these privacy and security risks, as well as previous recommendations to Congress on how to modernize these health data and privacy laws. The legislation emphasizes patient privacy and building patient trust, while maintaining the ease with which doctors can access much-needed patient data at the point of care.
The push for digital adoption and innovation in healthcare has further compounded issues of patient privacy and trust, Cassidy, who is also a physician, explained in a statement. For these modernization efforts to succeed, “patients need to be confident that their providers are keeping their data secure.”
In short, “HIPAA needs to be updated for modern times. This legislation sets that process on a course to make sure it’s done right,” Cassidy added.
The Commission will focus on the security of health information
For Baldwin, the bill is the first step in getting Congress on the right track to modernizing health care privacy laws and regulations, with a focus on health information security and the tools needed to maintain quality of care.
The legislation would establish a commission to launch a comprehensive and coordinated review of existing protected and personal health information security measures addressed at the state and federal levels, while evaluating the methods used by health care providers, insurance, financial services, consumer electronics. , and other sectors.
The commission would be tasked with determining potential threats to health privacy and political interests, when sharing health information is appropriate and beneficial to consumers, and “the effectiveness of laws, regulations, efforts to private sector self-regulation, technological advances and existing market forces. in health privacy.
The group would also address any potential costs associated with the proposed regulations in the compiled report, as well as any unintended consequences in other policy areas and “possible threats to health outcomes and costs if confidentiality rules are too strict”.
The report should also provide a cost analysis of any proposed legislative or regulatory changes.
The research collected would inform recommendations to provide to Congress and “whether federal legislation is needed to modernize health data privacy, and if so, how to do it.” The legislation would also require the data to be distilled into a report to be submitted to Congress and the president six months after the commission members are appointed.
The proposed legislation has already garnered support from athenahealth, Epic Systems, IBM, Teladoc Health, the Federation of American Hospitals and the American College of Cardiology, the Association for Behavioral Health and Wellness, among others.
A letter sent to Cassidy and Baldwin by those entities hails the bill, and the potential commission, as an indispensable tool for illuminating perspectives in the ongoing privacy debate.
The recommendations set out in the bill to inform Congress will only further the mission of “helping modernize health data use and privacy policies” anchored in clear and consistent patient protections. But the groups make it clear that health data is all too often crafted into a subset of consumer-driven information and provider-generated patient medical data.
As Congress considers comprehensive privacy reform, data covered by HIPAA must also be included in these debates to ensure that entities are not subject to redundant requirements. All health care entities need “clarity and consistency in the rules of confidentiality and use of health data”.
“Given the progress that Congress has made in improving the interoperability of health information and systems, your efforts to ensure a thorough consideration of health data and privacy through the Committee on Health The use and privacy of health data will provide a useful perspective to the ongoing privacy debate,” the groups wrote. .
“Secure and private health information should not be the enemy of medical innovation, clinical process improvement or public health response,” they added. “Careful consideration of these issues by the commission will inform policy makers to achieve the necessary balance between data liquidity and privacy necessary for a highly functional and trusted health system.”