The Case for Accountability: Protecting Health Data Outside the Healthcare System


Overview
Since the early 2000s, the Health Insurance Portability and Accountability Act (HIPAA) has been the nation’s primary health privacy law, protecting patient data held by the healthcare system – hospitals, doctors, clinics, and health insurers.

With the explosive proliferation of digital technologies, an ever-increasing amount of health data is generated by consumers themselves. This data is both held and used by companies that are not bound by the obligations of HIPAA, leaving that data largely under-protected and under-regulated.

With the generous support of the Robert Wood Johnson Foundation (RWJF), the Executives for Health Innovation (EHI, formerly the eHealth Initiative) and the Center for Democracy & Technology (CDT) released the Consumer Privacy Framework for Health Data (the Framework) in February of 2021. The Framework outlines the current gaps in legal protections and discusses how non-HIPAA-covered health data should be used, accessed, and disclosed. A second round of funding from RWJF led to the development of two follow-up reports, The Case for Accountability: Protecting Health Data Outside the Healthcare System, authored by EHI, and Placing Equity at the Center of Health Care & Technology, authored by CDT.

The Final Report
EHI’s report makes the case for why a robust accountability mechanism is needed to govern the use of health data held and used by health tech companies. In the absence of new federal data privacy legislation, EHI has put forward a private-sector solution – a neutral, independently run self-regulatory program that will oversee the data use policies and procedures of Framework members.

Self-Regulatory Program
In January 2022, EHI launched a Request for Proposals from organizations interested in housing and running the Framework’s self-regulatory program. After careful consideration of the submitted proposals by an independent, objective committee of experts, EHI is delighted to announce that it has selected BBB National Programs to implement and house this new program, overseeing compliance with the Framework and protecting consumer health data not bound by the obligations of HIPAA.

Q&A

  1. How is the self-regulatory program being funded?
    EHI and BBB National Programs will be seeking grant funding to provide seed money for the formation and launch of the program. Eventually the program will be financially sustained by annual member dues, which will be scaled based on a company’s revenue.
     
  2. Where can I find the proposed data use standards?
    The Consumer Privacy Framework for Health Data discusses how non-HIPAA-covered health data should be used, accessed, and disclosed.

  3. My company is interested in participating in the self-regulatory program and complying with the data use standards contained within the Framework. Where do we begin?
    Please contact BBB National Programs at healthdata@bbbnp.org.