Why health attorneys must not dismiss the revised Consumer Privacy Bill of Rights Act

Health lawyers should pay attention to a revised version of the Consumer Privacy Bill of Rights Act currently in the works, according to Indiana University law professor Nicolas Terry.

While a 2012 version exempted HIPAA-covered entities, since it was considered duplicative regulation, this new bill seeks to regulate data collection, Terry writes in a Health Affairs Blog post. HIPAA, he points out, is less focused on the collection of personal data than on its disclosure.

"It is a concept fundamentally at odds with current practices that maximize collection," he says. "Potentially, it may also clash with the ONC strategy of dramatically increasing data liquidity in order to promote interoperability."

The bill could have the greatest impact on those outside of HIPAA-regulated space, such as big data brokers and app developers, he says.

There would be a new regulator, too, rather than the Department of Health and Human Services Office of Civil Rights. Enforcement powers would be vested in the Federal Trade Commission and state attorneys general. Data minimization is long overdue in healthcare, Terry adds. 

Last summer, members of the House Committee on Oversight and Government Reform questioned the FTC's health data and cybersecurity authority. 

Brian E. Finch, a partner at Pillsbury Winthrop Shaw Pittman, and Brian T. Fox, a principal at PricewaterhouseCoopers recently advocated reducing the amount of stored data as a means to boost security.

In addition, the Health Information Trust Alliance last week released a new framework for de-identification of sensitive patient information as part of a risk-management strategy.

To learn more:
- check out the Health Affairs piece

Suggested Articles

Electronic prescribing company Surescripts has fired back at the Federal Trade Commission in its antitrust case and filed a motion to dismiss the FTC's…

First Choice Health is aiming to make opioid use data available to employers—even those that don’t contract with it for health coverage.

Soom has launched a mobile app that provides medical device recall information from the device manufacturer.