Privacy and Security

State of Play: As Congress continues to consider a new federal privacy law, several states have followed California’s lead and have introduced consumer privacy legislation that would impose new requirements on businesses to provide consumers with control of personal data and transparency of data practices.  In February, the House Energy and Commerce Committee and the Senate Committee on Commerce, Science, and Transportation each held hearings examining data privacy issues and key privacy principles for a federal privacy law including enforcement, corporate responsibility, and consumer rights. In February, the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS) released their anticipated interoperability and patient access proposed rules as required by the 21st Century Cures Act.  If finalized, these rules will have broad implications for the way data are shared among providers, health applications, and consumers.

HLC Position: HLC leads a broad group of organizations, collectively known as the Confidentiality Coalition, to ensure that policymakers strike the right balance between the protection of confidential health information and the information-sharing needed to provide high-quality care.  The coalition is active with Congress and the administration on policies related to data exchange, privacy, data security, and cybersecurity.  Members believe that regulatory clarity is key to securing health information flow, and support efforts to create a uniform national privacy standard, based on the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, rather than the inconsistent state laws that currently supersede federal regulation. HLC urges Congress to pass legislation to provide healthcare providers with the patient information they need to treat substance use disorder patients. 

HLC Recent Activity:

  • On May 16, the Confidentiality Coalition hosted staff from ONC who presented on the Trusted Exchange Framework and Common Agreement (TEFCA).
  • The Confidentiality Coalition is working on comments in response to ONC’s proposed information blocking and interoperability rule. The coalition will comment on the privacy and security exceptions related to information blocking.
  • The Confidentiality Coalition is working on comments in response to CMS’s proposed rule on interoperability and patient access. The coalition will support private sector collaboration with technical assistance from HHS on the identification and collection of a common set of data elements using federally adopted standards to improve patient matching.
  • On May 7, the Confidentiality Coalition submitted a statement for the Senate Committee on the Judiciary hearing, “Oversight of the Federal Trade Commission: Strengthening Protections for Americans’ Privacy and Data Security.” The coalition supported the Federal Trade Commission’s oversight of personal health records that reside in non-HIPAA-covered entities.
  • The Confidentiality Coalition continues to hold meetings with staff in the House and Senate as Congress considers national privacy legislation. In these meetings, the coalition emphasizes the importance of streamlining privacy laws across states to ensure the flow of appropriate health information necessary to improve health and healthcare.
  • On May 22, HLC and the America’s Health Insurance Plans cohosted a privacy and security workshop at the WEDI Spring Conference. Tim Noonan, acting deputy director, health information privacy at the Office for Civil Rights (OCR), spoke at the workshop, giving an update on OCR’s current activities and future policy areas to be addressed by the agency.
  • On March 22, HLC responded to a request from Senator Mark Warner (D/VA) asking what healthcare entities are doing to protect patient information and essential operations from cyberattacks. HLC supported a national strategy to reduce cybersecurity that fosters a value-based healthcare system, efficient interoperation of health information technology, engaged and active patients, and trust among all participants
  • In February, HLC began cochairing the Workgroup for Electronic Data Interchange (WEDI) Privacy and Security Workgroup.
  • On February 27, the Confidentiality Coalition wrote in support of the U.S. Senate Committee on Commerce, Science, and Transportation hearing on “Examining Policy Principles for a Federal Data Privacy Framework in the United States.” The coalition encouraged a federal data privacy framework that is consistent nationally and includes similar expectations of acceptable uses and disclosures for non-HIPAA covered health information.
  • On February 26, the Confidentiality Coalition wrote in support of the House Energy and Commerce Committee hearing on “Protecting Consumer Privacy in the Era of Big Data.” The coalition encouraged consistent privacy rules so that persons and organizations not covered by HIPAA that create, compile, store, transmit, or use health information operate under a similar expectation of acceptable uses and disclosures.
  • On February 11, the Confidentiality Coalition submitted a response to the Office for Civil Rights’ request for information on the Health Insurance Portability and Accountability Act.