November 22, 2018
The American Medical Informatics Association (AMIA) is requesting for the Trump Administration to tighten up data secrecy laws through better alignment of HIPAA and the Common Law and adoption of a more integrated approach to secrecy that includes both the healthcare sector as well as consumer sector.
The call follows a request for remark by the NTIA to start a talk concerning consumer secrecy. In a letter to the National Telecommunications and Information Administration (NTIA), a branch of the Division of Commerce, AMIA clarified that its remarks are informed by the wide experience of dealing with both the Health Insurance Portability and Accountability Act and the Central Protections for Human Subjects Research (Common Rule).
Presently, there is a patchwork of central and state rules that complicate compliance and produces information sharing challenges which lead to ‘perverse outcomes’ because of different clarifications of current secrecy policies.
AMIA exemplified the problem of the present patchwork of secrecy plans using Pennsylvania and New Jersey as an illustration. Pennsylvania and New Jersey are neighboring states, however, they have different policies covering HIV/AIDS data. If an HIV/AIDS patient from Pennsylvania was to visit a hospital in New Jersey, information on their HIV/AIDS analysis would not be accessible by clinicians in New Jersey, even though the information has high significance in cure decisions. The patient would also be unlikely to get their data from the New Jersey hospital to take back to their healthcare supplier in Pennsylvania.
“AMIA helps the administration to make sure that central laws lay a common base throughout jurisdictional and geographic borders while also providing a procedure for jurisdictions to tackle local requirements and rules.”
In recent years there has been a substantial increase in consumer appliances and information systems that note similar information to medical appliances and healthcare information systems. The line between the two has been unclear. An action is therefore needed to develop concordant secrecy policies across health and consumer data ecosystems.
HIPAA was introduced 22 years back in 1996 at a time when healthcare companies were mainly using paper records. While HIPAA has been updated to account for the change to electronic files, AMIA points out that the adoption of health-related technologies that were not available in 1996 has led to the creation of gaps that now threaten patient secrecy.
The alterations made to HIPAA through the introduction of the Secrecy Law have ensured that patients have access to their health data and greater control over what is done with that information. What is now needed are similar rights and safeguards for consumers.
While AMIA doesn’t propose that either HIPAA or the Common Rule must be applied to the consumer data ecosystem, both “must serve as vital and informative inputs to [the] conversation on consumer data secrecy.”
AMIA has called for the Federal Trade Commission (FTC) to develop a consumer data plan that “Supports confidence, security, efficacy, and transparency across the propagation of commercial and non-proprietary information resources,” and proposes that the time is right to develop an “ethical framework around the collection, usage, storage, and revelation of the personal information consumers might provide to companies.”