Risky Business? Sharing Data with Entities Not Covered by HIPAA

March 18, 2019

In 2018, eHealth Initiative Foundation (eHI) and Manatt, Phelps & Phillips hosted two executive advisory board meetings on privacy and security in the age of wearable technologies. The risky business of sharing data in and outside of the healthcare system is becoming more complicated, especially as consumer use of health applications and the desire to share health data increase exponentially. The roundtables convened experts in healthcare privacy and security, explored data sharing within and between organizations (including the relationships healthcare providers have with business associates and application (app) developers), and tackled data sharing implications for the bio-economy and the state, federal, and international policies and rules that aim to guide organizations through the murky terrain. The brief examines the significant amount of health data being generated from apps and consumer devices that are ungoverned by HIPAA and aims to clear up some of the confusion. It offers tangible examples of what constitutes a covered and non-covered HIPAA entity, explains how to determine business associates in relation to HIPAA, examines federal guidance and regulations for covered entities and app developers, and discusses the nuances of the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).