U.S. Senators Bill Cassidy, M.D. (R-LA) https://www.cassidy.senate.gov and Tammy Baldwin (D-WI) https://www.baldwin.senate.gov introduced the Health Data Use and Privacy Commission Act to modernize outdated health privacy laws and regulations.
Today, technology companies are increasing in healthcare resulting which enables health information to expand beyond the reach of HIPAA so that there is no longer adequate protection for health data recorded on emerging technologies (cell phones, smart watches, etc.) which puts this data at potential risk.
This legislation forms a Health and Privacy Commission to research and give official recommendations to Congress on how to modernize the use of health data and privacy laws to ensure patient privacy and trust while balancing the need for doctors to have information at their fingertips.
This legislation would establish a Commission to:
- Conduct a coordinated and comprehensive review and comparison of existing protections of personal health information at the state and federal level, as well as review current practices for health data use by the healthcare, insurance, financial services, consumer electronics, advertising, and other industries
- Provide recommendations to Congress on whether federal legislation is needed to modernize health data privacy, and if so, how to accomplish this goal
- Be charged with submitting a Report to Congress and to the President six months after all members are appointed which includes 17 members to be appointed by the Comptroller General
Specifically, the Commission would be charged with drafting recommendations and conclusions on the following:
- The potential threats posed to individual health privacy and legitimate business and policy interests
- The purposes for which sharing health information is appropriate and beneficial to consumers and the threat to health outcomes and costs if privacy rules are too stringent
- The effectiveness of existing statutes, regulations, private sector self-regulatory efforts, technology advances, and market forces needed to protecting individual health privacy
- Recommendations as to whether federal legislation is necessary, and if so, specific suggestions on proposals to reform, streamline, harmonize, unify, or augment current laws and regulation relating to individual health privacy, including reforms or additions to existing laws related to enforcement, preemption, consent, penalties for misuse, transparency, and notice of privacy practices
- Analysis of whether additional regulations may impose costs or burdens, or cause unintended consequences in other policy areas
- The cost analysis of legislative or regulatory changes proposed in the report
- Recommendations on non-legislative solutions to individual health privacy concerns
- Review of the effectiveness and utility of third party statements of privacy principles and private sector self-regulatory efforts as well as third party certification or accreditation programs meant to ensure compliance with privacy requirements
According to Dr. Cassidy, “HIPAA must be updated for the modern day. This legislation would start this process to make sure that it is done right.”
Go to congress.gov for the text for the legislation. The bill number is S-3620.