eHI and CDT Collaboration in Developing a Consumer Privacy Framework for Health Data not Protected by HIPAA

The eHealth Initiative (eHI) has partnered with the Center for Democracy & Technology (CDT) to create a new consumer privacy system for health information not protected by the Health Insurance Portability and Accountability Act (HIPAA) Rules.

Personally identifiable health data obtained, stored, retained, processed, or sent by HIPAA-covered entities as well as their business associates is protected by the HIPAA Privacy and Security Rules. In case the same data is obtained, stored, retained, processed, or sent by a non-HIPAA covered entity, the law does not require those protections.

At present health information is collected, kept, and transmitted by wearable devices, health and wellness applications and educational health sites. If there are no HIPAA-like protections, the privacy of consumer health data is put in danger.

The Robert Wood Johnson Foundation gave eHI and CDT funding for the Building a Consumer Privacy Framework for Health Data project. A Steering Committee for Consumer Health Privacy has been formed with specialists and kings from healthcare, technology, consumer groups, and privacy advocacy groups. The Steering Committee will go over the essential steps to protect the privacy of health information not protected by HIPAA privacy rules and will evaluate different strategies to take care of the complexities of securing non-HIPAA-covered health information.

Chief Executive Officer of eHI, Jennifer Covich Bordenick, explained that their focus is analyzing ‘health-ish’ data not protected by HIPAA or other health privacy regulations. It is vital to bring together a broad and comprehensive variety of collaborators to work on some major issues.

The Steering Committee’s first meeting was held on February 11, 2019 in Washington DC. The group of participants that attended the meeting included 23andMe, Ascension, Change Healthcare, American Hospital Association, American College of Physicians, American Medical Association, Electronic Frontier Foundation, Fitbit, Elektra Labs, Future of Privacy Forum, Hogan Lovells, Hispanic Technology and Telecom Partnership, Microsoft, Salesforce, National Partnership for Women & Families, Under Armour, Waldo Law Offices, UnitedHealth Group, Yale University, Wellmark Blue Cross and Blue Shield.

There will be more Steering Committee meetings throughout 2020. There will also be smaller workgroups formed to focus on particular areas of the privacy framework. CDT and eHI are telling privacy experts, consumer organizations, and businesses that manage genomic, wearable, and social media information to join the project.

Interim Co-Chief Executive Officer of CDT, Lisa Hayes, said that consumers are more cynical with regards to the use of their data especially sensitive health-related data. Hopefully, this framework can provide more privacy rights and protections to consumers who use modern digital health and wellness services.