The Privacy and Security Workgroup of the Health IT Policy Committee is working on recommendations for dealing with big data, according to an article at Healthcare Informatics.
In its meeting Monday, members discussed the challenges presented both for HIPAA-covered entities and the marketplace not covered by HIPAA. Those issues include data de-identification, security and other areas.
Workgroup chair Deven McGraw, a partner in the healthcare practice of Manatt, Phelps and Phillips, noted that consumers don't have clearly defined rights for accessing information collected about them by organizations not covered by HIPAA.
The panel wants to remind the National Coordinator for Health IT that the Federal Trade Commission can enforce voluntarily adopted codes of conduct, some of which are still being developed. It also discussed whether the Federal Credit Reporting Act could be used to provide patients with more transparency about the algorithms healthcare organizations use to make decisions about patients and populations.
The workgroup is drafting language calling for the Office for Civil Rights to be a better "steward" of de-identification standards and to take advantage of outside help, such as that of the National Institute of Standards and Technology (NIST).
The Government Accountability Office previously called on Congress to consider strengthening the consumer privacy framework to take changes in technology into account, pointing out that the current statutory framework for consumer privacy does not fully address new technologies-such as the tracking of online behavior and the increased marketplace for personal information.
In the workgroup meeting, McGraw said there's a need to better understand gaps in legal protections, but overall the group is reluctant to call for Congressional action at this point.
The proposed Consumer Privacy Bill of Rights Act focuses more on the collection of data, while HIPAA is more concerned about disclosure of data. That bill is expected to have the greatest impact on those outside of HIPAA-regulated space, such as big data brokers and app developers.
To learn more:
- read the article