Proposed Senate Bill for Modernization of Health Privacy Laws

Bipartisan legislation was introduced to begin the process of modernizing health privacy laws. The Health Data Use and Privacy Commission Act would establish a commission to assess the current state of health data privacy and the Health Insurance Portability and Accountability Act (HIPAA) in an effort to address longstanding technology and security challenges posed by the outdated health data privacy regulation. HIPAA currently protects interactions between patients and their physicians, but does not protect health data collected/recorded on emerging technologies such as cell phones and digital health applications.

The commission would be responsible for conducting a coordinated and comprehensive review and comparison of existing protections of personal health information at the state and federal level, as well as current practices for health data use by the health care, insurance, financial services, consumer electronics, advertising, and other industries. In addition, the commission would provide conclusions and/or recommendations to Congress for revisions to the current law, specifically:  

  • Potential threats posed to individual health privacy and legitimate business and policy interests;
  • Purposes for which sharing health information is appropriate and beneficial to consumers and the threat to health outcomes and costs if privacy rules are too stringent;
  • Effectiveness of existing statutes, regulations, private sector self-regulatory efforts, technology advances, and market forces in protecting individual health privacy;
  • Whether federal legislation is necessary, and if so, specific suggestions on proposals to reform, streamline, harmonize, unify, or augment current laws and regulations relating to individual health privacy;
  • Analysis of whether additional regulations may impose costs or burdens, or cause unintended consequences in other policy areas;
  • Cost analysis of legislative or regulatory changes proposed;
  • Non-legislative solutions to individual health privacy concerns, including education, market-based measures, industry best practices, and new technologies; and
  • Effectiveness and utility of third-party statements of privacy principles and private sector self-regulatory efforts.

As evidenced by a letter sent to the Senators, this legislation is supported by the American College of Cardiology, Association for Behavioral Health and Wellness, Association of Clinical Research Organizations, athenahealth, Inc, Epic Systems, Corporation Executives for Health Innovation, Federation of American Hospitals, Heath Innovation Alliance, IBM, National Multiple Sclerosis Society, Teladoc Health and the United Spinal Association.