REPORT RELEASE - Risky Business? Sharing Data with Entities Not Covered by HIPAA

Washington, D.C. – March 18, 2019 – eHealth Initiative Foundation, in conjunction with Manatt Health, released an information brief, Risky Business? Sharing Data with Entities Not Covered by HIPAA. The brief examines the significant amount of health data being generated from apps and consumer devices that are ungoverned by HIPAA. As corporate entrants to the healthcare industry increase, confusion about the handling of health information by app developers abounds. The brief aims to clear up some of the confusion, offering tangible examples of what constitutes a covered and non-covered HIPAA entity and how to determine business associates in relation to HIPAA.

“Privacy and security in healthcare are at a critical juncture, with rapidly changing technology and laws that are struggling to keep pace,” said Jennifer Covich Bordenick, Chief Executive Officer, eHealth Initiative Foundation. “Even as new laws like CCPA and GDPR emerge, many gray areas for the use and protection of consumer data need to be resolved. We hope the insights from papers like this help industry and lawmakers to better understand and address the world’s changing privacy challenges.”

The brief also provides an examination of federal guidance and regulations for covered entities and app developers and discusses the nuances of the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Some important takeaways from the brief include:

  • The CCPA is the nation’s strictest consumer privacy and data protection measure. It will require covered businesses to ensure an assortment of consumer rights and related notices. The GDPR is designed to harmonize data privacy laws across Europe and give greater protection and rights to individuals. Companies doing business in Europe are subject to the GDPR. There has been no guidance on the GDPR and HIPAA interface.
  • The growing number of consumers who voluntarily give away their personal genomic data (without any restrictions) to the DNA market is a growing concern, that has far reaching implications.
  • Given the rapid speed of technology development, it may be impossible for legislators to ensure federal and state policies address all consumer concerns. However, before developing strict privacy policies, policymakers and industry leaders may want to first focus on developing a values framework to guide the future use of personal health information.

“As the industry continues to harness technology to improve and innovate care, protecting consumer data and ensuring corporate entities comply with privacy regulations is increasingly critical,” said Robert Belfort, Partner, Manatt Health. “What is particularly challenging is how to handle the significant amount of health data generated by health apps and consumer devices that are not covered by HIPAA. This brief shines a light on these issues and provides useful guidance for how healthcare providers and app developers should interact.”

eHealth Initiative’s research and work on privacy and security was supported by Manatt, Phelps & Phillips. The brief is available for download in the eHealth Resource Center and on the Manatt’s website.

About eHealth Initiative

eHealth Initiative (eHI) & Foundation is a Washington DC-based, independent, non-profit organization whose mission is to drive improvements in the quality, safety, and efficiency of healthcare through information and information technology. eHI is the only national organization that represents all stakeholders in the healthcare industry. Working with its membership, eHI advocates for the use of health IT that is practical, sustainable and addresses stakeholder needs, particularly those of patients,

About Manatt Health

Manatt Health integrates legal and consulting expertise to better serve the complex needs of clients across the healthcare system. Combining legal excellence, first-hand experience in shaping public policy, sophisticated strategy insight, and deep analytic capabilities, Manatt provides uniquely valuable professional services to the full range of health industry players. Their diverse team of more than 160 attorneys and consultants from Manatt, Phelps & Phillips, LLP and its consulting subsidiary, Manatt Health Strategies, LLC, is passionate about helping clients advance their business interests, fulfill their missions, and lead healthcare into the future. For more information, visit

External News Article: 
News Category: 
Press Release