- The American Medical Informatics Association is calling on the Trump Administration to better align data privacy policies from both the health and consumer sectors.
In a letter to the National Telecommunications and Information Administration, AMIA officials explained that the patchwork of HIPAA policies have led to much confusion in the healthcare sector. The problem is the wide range of HIPAA interpretations, which created drastic variations on how the rule is applied.
As it stands, there’s an “over-emphasis on vague or difficult-to-measure outcomes,” and without further standards, it will result in HIPAA failings, continued variations on how it’s interpreted, and inconsistent use, according to officials.
Officials also noted that some health-related technologies fall outside those regulations and other Federal Trade Commission mandates and state laws, which leads to a lack of proper oversight.
“Consumer privacy can still be compromised due to regulatory gaps around access, security, and privacy,” AMIA CEO Doug Fridsma wrote. “The administration should thus include ‘closing regulatory gaps’ that endanger data privacy to its list of high-level goals.”
The letter comes in response to an NTIA request for information from healthcare stakeholders, to better understand what’s needed to advance and protect consumer privacy and technology innovation. The group is looking for ways to give consumers more control over their data, as well.
For AMIA, to begin fixing these issues, the administration needs to reevaluate HIPAA and the Common Rule to determine what areas need to be updated or merged to reflect a new era of data privacy. Officials are asking for an integrated approach to how health and consumer sector policies are defined.
Fridsma stressed the need for stronger language to establish “consumer-centricity as a prerequisite condition,” as the current language is unclear.
“The feared ‘patchwork’ of different state policies is the reality for healthcare data,” Fridsma wrote. “This issue has become more pronounced in the era of digital health records, creating challenges to information exchange, complicating compliance, and generating perverse outcomes based on variable interpretation.”
“AMIA encourages the administration to ensure that federal rules lay a common foundation across jurisdictional and geographic boundaries while also providing a process for jurisdictions to address local needs and norms,” he continued.
To Fridsma, a revision of HIPAA could solve some of these current challenges and serve as a model to broader privacy rules, as long as the administration balances “the need for both prescriptive process-oriented policies and outcome-oriented policies.”
Further, the FTC should consider developing an “ethical framework,” as a guide to collecting, using, storing, and disclosing the data consumers provide to organizations. In addition, AMIA recommended the administration consider an interagency working group to better understand the flow of data between consumer systems from traditional and non-traditional sources in an “ethically responsible way.”
HIPAA went into effect more than 20 years ago. And while the HITECH Act added some of the more technical language, many healthcare stakeholders have bemoaned HIPAA’s limitations in recent years. With the Department of Health and Human Services’ Office of Civil Rights’ advancing a HIPAA RFI to the Office of Management and Budget this week, a change may be coming in the near future.
“AMIA applauds the administration for initiating an overdue conversation on how to best protect consumer data privacy. The principles described, and concepts supported by the initial proposal are the right ones to be included in this conversation,” Fridsma wrote.