The Health Insurance Portability and Accountability Act, or HIPAA, was a huge leap forward in health care privacy that set the standard for health information protection. Now, it’s under fire for being outdated.
In response to the changing healthcare technology landscape, U.S. Senators Amy Klobuchar, D-Minnesota and Lisa Murkowski, R-Arkansas are pushing legislation that would account for emerging technology such as health apps and direct-to-consumer genetic tests, reports Health IT Security.
Called The Protecting Personal Health Data Act, the legislation fills privacy gaps unaddressed by HIPAA. As the outlet explains, the Department of Health and Human Services Office for Civil Rights made it clear in an April FAQ that providers are not on the hook when patients share data with third-party apps and APIs without their recommendation.
“The FAQs clarify that once protected health information has been shared with a third-party app, as directed by the individual, the HIPAA-covered entity will not be liable under HIPAA for subsequent use or disclosure of electronic protected health information, provided the app developer is not itself a business associate of a covered entity or other business associate,” per the OCR.
Concerns of inaction on the HHS’ part prompted the proposal of this legislation. Under this act, the HHS Secretary regulate health technology companies, evaluating how patients consent to the use of various personal health data such as genetic data, biometrics and general personal health data, says the outlet.
“New technologies have made it easier for people to monitor their own health, but health tracking apps and home DNA testing kits have also given companies access to personal, private data with limited oversight.”
Other provisions include the right for individuals to access, change and delete personal health data as well as the formation of a national task force on health data protection.
“New technologies have made it easier for people to monitor their own health, but health tracking apps and home DNA testing kits have also given companies access to personal, private data with limited oversight,” Klobuchar explained in a statement.