Newspaper article Roll Call

Tech Firms Ask Congress to Redefine Medical Privacy Rules

Newspaper article Roll Call

Tech Firms Ask Congress to Redefine Medical Privacy Rules

Article excerpt

Tech firms, including Amazon.com Inc., are asking Congress to redefine the rules on medical privacy, saying the potential risks of disclosure should be weighed again against the potential benefits of wider sharing and easier access to crucial health data.

Executives of tech companies and health organizations have told the House Energy and Commerce Committee in recent months that what they consider an excessively conservative stance on health data privacy is hindering development of new medical technologies and approaches to treatment, and also adding costs to already burdened state and federal budgets.

"We, in our effort to protect the patients, are constructing a health care system that they and we cannot afford, and we're putting the balance in the wrong spot," Joseph M. Smith, a former Johnson & Johnson medical technology executive who has been involved with venture capital projects, told the committee in June. "In Congress' view of trying to protect everyone from that information, we may be protecting them to death."

Much of what health researchers and executives seek involves more clear guidance on what are known as HIPAA privacy regulations. The name reflects their genesis as an add-on provision to the Health Insurance Portability and Accountability Act of 1996 (PL 104-191).

Yet, these calls for a new look at HIPAA are coming at a time of marked concern about the sanctity of consumers' online accounts - health and otherwise. House Republicans responded with great concern when the Department of Health and Human Services this month announced that common malware had been detected on the website for the federal medical insurance exchange. No personal information was comprised as a result of this intrusion on a healthcare.gov test server, HHS has said.

June brought a furor over the revelation of an experiment seeking to alter the emotional state of about 690,000 of Facebook users. That's likely to heighten people's concern about how data in general is shared online, especially medical records, said Justin Brookman, director for consumer privacy at the Center for Democracy & Technology.

"By and large, they don't expect that they are going to be guinea pigs," he said. "When we are talking about health information, people feel even more strongly about it."

In May, HHS reported a record HIPAA settlement of $4.8 million in a case involving New York Presbyterian Hospital and Columbia University and medical records for about 6,800 people, including laboratory results. The hospital and Columbia learned of the security lapse when the partner of a deceased patient found that person's health information on the Internet. New York Presbyterian and the university notified HHS of the security lapse, and there's been no indication any of that information was ever accessed or used inappropriately. Still, HHS found their "approach to guarding data" lacking and levied the record fine.

The complexity of HIPAA regulations and the threat of inadvertently triggering fines keep many small companies from venturing into projects that would involve using medical data, Smith said at the Energy and Commerce meeting in June. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.