In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was introduced to require the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent. However, after 2 decades, the health sector has changed significantly. Health information is now being collected, shared, and sold by tech companies. The HIPAA Privacy and Security Rules created rules to guarantee the privacy and security of health data, however HIPAA only applies to HIPAA-covered entities. As a result, HIPAA is due a number of updates to address its vulnerabilities. The Department of Health and Human Services (HHS) has proposed updates to the HIPAA Privacy Rule which are scheduled to take place at the end of the year. However, even if the suggested changes to the HIPAA Privacy Rule are approved by the U.S. government, experts believe that there will still be a number of regulatory gaps that put patient health information at risk.
In order to better secure health patient health information, including health data not yet covered by HIPAA, new bipartisan legislation has been introduced to start the process of identifying and resolving the current privacy vulnerabilities connected with developing technologies. Senators Bill Cassidy and Tammy Baldwin have introduced the Health Data Use and Privacy Commission Act to establish a new commission which will oversee the existing federal and state laws that govern the privacy of health information and will make recommendations for improvements to account for the current technological climate. The recommendations could include a wider variety of organizations. If the commission recommends updates, it will have to outline the probable costs, burdens, any unintended consequences, and whether excessively strict privacy rules pose a risk to health outcomes. Numerous medical associations have come forward with their support for the new legislation including the likes of the Federation of American Hospitals and the Association of Clinical Research Organizations.
“I am excited to introduce the bipartisan Health Data Use and Privacy Commission Act to help inform how we can modernize health care privacy laws and regulations to give Americans peace of mind that their personal health information is safe, while ensuring that we have the tools we need to advance high-quality care,” stated Senator Baldwin.