Structure Workgroup Meeting #2 – Summary
This workgroup is focused on developing the structure that our proposed privacy framework for unregulated health data will take. On our March call, the group voiced general support for moving ahead with a self-regulatory model of some kind, and therefore our April call focused on walking through a number of different self-regulatory structures.
Readout / Summary: Substance Workgroup Meetings
The goal of this workgroup is to develop the content of a framework for unregulated health information. The April meetings focused on specific protections that should apply to covered data. Our upcoming meetings on May 18 and 20 will focus on exceptions to those protections. During the April meetings, the workgroup discussed on how baseline collection, use, and sharing limits of consumer health data should be addressed under the framework. There was also discussion regarding the definition developed during the March meetings.
Current Healthcare Legal and Regulatory Landscape
Health data – including health used for non-health-related purposes – is not regulated by a single national privacy framework. HIPAA is the primary federal law governing the use and disclosure of protected health information, but HIPAA covers an increasingly smaller slice of the health data pie. Other federal laws may apply, both to data regulated by HIPAA and to data outside of HIPAA’s framework, and states have their own sets of often-more-restrictive laws. In short, the current legal landscape is a patchwork of laws, sometimes overlapping (and at times conflicting), with numerous gaps in comprehensive protections.
Consumer Privacy Framework for Health Data
As health data liquidity rapidly increases, collection of health and “health-ish” data has dramatically outpaced existing regulatory safeguards. There are a wide variety of new vehicles for patient-directed electronic data exchange from health care providers or health plans to entities not covered by HIPAA, in addition to a sharp rise in consumer- and patient-generated data – including from wearable and remote-monitoring devices and on-demand genetic testing services. This is leading to the ever-growing collection of identifiable and individually attributable data, as well as its mining for a diverse assortment of purposes.
Bloomberg: Everyone Has a Contact-Tracing App, and Nobody’s Happy About It
Everyone Has a Contact-Tracing App, and Nobody’s Happy About It.
Questions arise over privacy, surveillance—and whether they even work.
One of the First Contact-tracing Apps Violates its Own Privacy Policy (Washington Post)
North and South Dakota’s Care19 coronavirus app sends users’ location data to more than just the government.
Workgroup: Consumer Health Privacy Framework Substance (Workgroup Members Only)
With funding from the Robert Wood Johnson Foundation (RWJF), the Foundation for eHealth Initiative (eHI) and the Center for Democracy & Technology (CDT) are collaborating on Building a Consumer Privacy Framework for Health Data, designed to address the current gaps in legal protections for health data outside HIPAA’s coverage.
Ensuring Civil Rights During the COVID-19 Response
Under Federal civil rights laws and the Robert T. Stafford Disaster Relief and Emergency Act (Stafford Act), FEMA, State, local, Tribal, and Territorial (SLTT) partners, and non-governmental relief and disaster assistance organizations engaged in the “distribution of supplies, the processing of applications, and other relief and assistance activities shall [accomplish these activities] in an equitable and impartial manner, without discrimination on the grounds of race, color, religion, [national origin], sex, age, disability, English proficiency, or economic status.”1 Civil rights laws and legal authorities remain in effect, and cannot be waived, during emergencies. “More than ever, it is crucial that FEMA apply our core values of compassion, integrity, fairness, and respect in service of all Americans during the unprecedented battle against COVID-19,” said FEMA Administrator, Pete Gaynor.
Read the rest of the FEMA Civil Rights Bulletin below.
Workgroup: Consumer Health Privacy Framework (Workgroup Members Only)
With funding from the Robert Wood Johnson Foundation (RWJF), the Foundation for eHealth Initiative (eHI) and the Center for Democracy & Technology (CDT) are collaborating on Building a Consumer Privacy Framework for Health Data, designed to address the current gaps in legal protections for health data outside HIPAA’s coverage.
COVID-19 Federal Policy Work Group: Public Health Surveillance (Members Only)
Thank you to everyone who joined our June 8th COVID-19 Federal Policy Workgroup. The meeting focused on health information exchange. You can find a recording of the meeting here.