Bipartisan Bill Calls for Protection of Personal Health Data

Samara Rosenfeld
JUNE 18, 2019
data privacy
Photo/Thumb have been modified. Courtesy of Book Catalog via flickr.

Two senators have introduced a bipartisan bill that would address cutting-edge health data privacy concerns. The Protecting Personal Health Data Act, introduced by Sens. Amy Klobuchar and Lisa Murkowski, would require the secretary of the U.S. Department of Health and Human Services (HHS) to implement regulations for new health technologies like wearable devices, mobile health apps and direct-to-consumer genetic testing kits, which are not covered by existing laws.
 
The proposed legislation answers the call of many experts who believe the Health Insurance Portability and Accountability Act (HIPAA) is outdated. Others have claimed that flexibility is baked in to HIPAA.
 
“This legislation will protect consumers’ personal health data by requiring that regulations be issued by the federal agencies that have the expertise to keep up with advances in technology,” Klobuchar, a Democrat from Minnesota, said in a statement.
 
The proposed bill cites an HHS report to Congress that said trackers, social media sites where individuals share health information and other common technologies used today did not exist when Congress enacted HIPAA in 1996.
 
Under the Protecting Personal Health Data Act, the secretary of HHS and the chairman of the Federal Trade Commission, the National Coordinator for Health IT and other stakeholders will enforce regulations to strengthen privacy and security protections for personal health data collected, processed, analyzed or used by consumer devices, services, applications and software.


Roles of the Secretary

  • Account for differences in the nature and sensitivity of the data collected
  • Consider the findings of the HHS report to Congress in regard to an individual’s access rights, re-use of data by third parties and security standards and protections
  • Consider uniform standards for genetic data, biometric data and personal health data consent
  • Consider consent requirement exceptions for law enforcement, academic research or research assessing healthcare use and outcomes, emergency medical treatment or determining paternity
  • Consider standards for the de-identification of personal health data
  • Consider limitations on the collection and use of personal health data that are relevant to accomplish a specific purpose
  • Ensure awareness of consumer privacy and security protections for digital health technology


The Establishment of the National Task Force on Health Data Protection

The secretary would also establish the National Task Force on Health Data Protection, which would consist of no more than 15 appointed members. The task force would operate for five years before submitting a recommendation to Congress after the termination date to determine whether the group should continue its work.

The task force would:
  •  Study the effectiveness of de-identification methodologies for genetic and biometric data
  • Evaluate the development of security standards, cybersecurity risks and privacy concerns
“This legislation takes important steps to ensure guidelines are created for security and privacy protections of modern health information,” Murkowski, a Republican from Alaska, said in a statement. “Our policies must evolve to keep up with advancements in recent technology. By enacting important modern protections for consumers’ personal health data, our bill puts the privacy of American consumers first.”

Get the best insights in digital health directly to your inbox.

Related
How We Can Revamp Our Data Privacy Laws
Wearable Medical Devices Can Raise Issues for Healthcare Professionals
Patients More Willing to Undergo Genetic Testing if Given Control of Their Data

SHARE THIS SHARE THIS
14
Become a contributor