Senator Seeks Stakeholder Feedback on Improving Health Data Privacy

September 12, 2023 - Healthcare stakeholders have an opportunity to provide feedback to the Senate on improving health data privacy in the US, thanks to a request from US Senator Bill Cassidy (R-LA), a ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee.  

Cassidy issued a request for information (RFI) from stakeholders to gain insights into improving health data privacy and modernizing HIPAA. The deadline to submit feedback to Cassidy’s team is September 28.

“Safeguarding patient privacy is an essential element in building trust in our health care system. Since the Health Insurance Portability and Accountability Act (HIPAA) was passed nearly 30 years ago, patients could rely on their health information being protected, while enabling their providers to exchange their information for treatment, payment, and health care operations,” Cassidy noted in the RFI.

“However, new technologies such as wearable devices, smart devices, and health and wellness apps have expanded the creation and collection of health data. While these technologies have enabled better care and greater patient access to health information, much of this data is not protected by the HIPAA framework.”

Cassidy provided a list of questions for healthcare stakeholders, including general privacy questions about the nature of health data and whether different types of health data should be treated differently under HIPAA. Additionally, Cassidy asked for suggestions about how a duty of loyalty from entities to patients could be imposed in a way that would maximize data privacy while minimizing implementation challenges.

The Senator also asked key questions about HIPAA, asking stakeholders how well HIPAA is working, and how it could be improved.

“Should Congress expand the scope of HIPAA? What specific information should be included in the HIPAA framework?” the RFI probed. “What challenges would legislative reforms to HIPAA create?”

As previously reported, lawmakers and healthcare stakeholders have been pushing for updates to HIPAA in light of recent legal changes and technological developments. These developments include the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the increasing interconnectedness of healthcare, and the rise of generative AI, all of which add to existing compliance complexities.

Cassidy acknowledged the growing compliance challenges that come along with technological advancements. For example, what obligations do covered entities have when collecting or disclosing biometric data?

In addition, how can health entities safeguard location data, which may be tied to specific healthcare facilities? What types of location data should be considered health data?

The RFI challenged stakeholders to consider all these possibilities, as well as the enforcement structures that currently surround health data. What’s more, the RFI acknowledged the patchwork of state and federal laws that currently set the standard for data privacy.

“Nine states have passed data or privacy laws since 2018. What have been the greatest challenges in complying with these frameworks for the governance of health data?” the RFI continued.

“Have there been any lessons learned as states have implemented these laws on best practices to safeguard health data? How should the federal government proceed, considering the existing state patchwork?”

Healthcare stakeholders have the opportunity to address their concerns and provide recommendations to the Senate HELP Committee by responding to this RFI. Ideally, the responses will help to inform future regulations and assistance efforts to further safeguard health data.