Datapalooza17: Digital health’s ‘dirty secret’ lies in confusing state privacy laws

phone iPhone
State privacy laws are “a really painful, stupid situation” for digital health companies, according to one privacy attorney.

Everyone in healthcare knows about the big, five-letter federal privacy law governing patient health data. Far fewer understand the thousands of state privacy laws.

During a session at Health Datapalooza on Friday, Ann Waldo, an attorney with Waldo Law Offices, PLLC, who counsels digital health companies on information privacy, said in addition to HIPAA compliance, healthcare organizations also face “literally thousands” of state medical privacy laws that are difficult to understand.

“The dirty secret is very few people understand these laws and very few people comply with them,” she said. “It’s impossible.”

Those state laws are widely inconsistent, she added. For example, one state may require doctors to disclose behavioral health information to the parents of a teenager while an adjacent state might take the exact opposite stance.

RELATED: 3 ways Trump’s FDA nominee could reshape digital health

Waldo added that these confusing privacy laws are “a really painful, stupid situation” that limits innovation within the digital health industry. She advocated for wiping out the thousands of regulations and starting over with a blank slate.  

Waldo also took umbrage to the high fees that patients often pay to get their medical records, noting that access to medical information is “still a massive problem” despite guidance from the Office for Civil Rights. She offered an interesting alternative: Do away with medical record fees altogether.

“We need to get to that point now where we don’t charge people a fee at all to find out what happened to them in their own lives,” she said.

RELATED: Despite regulatory uncertainty, digital health investment remains steady

Anand Iyer, chief strategy officer at WellDoc, said his company has shifted the way it addresses privacy considerations from a “monolithic” approach to something that is dispersed throughout the software-building process and ingrained in the culture of the company. He argued that’s an approach that has made privacy regulations much more manageable, and added that it’s an issue venture capitalists are beginning to think about as well.

Doctors have listed privacy as one of several concerns they have about digital health tools, although a recent survey showed far more consumers are using digital health apps and requesting copies of their health records.

“We see that it’s important piece of the fabric of digital health,” he said. “Why? It will actually help you create sustainable business models. It will improve the probability of success.”