Privacy and Security

State of Play:  The Office of Management and Budget (OMB) is reviewing a proposed rule for changes to support and remove barriers to coordinating care and individual engagement under the Health Insurance Portability and Accountability Act (HIPAA). The House of Representatives has passed legislation removing the ban on federal funding to implement a National Patient Identifier System. There have been several privacy-related bills introduced in Congress to safeguard data collected from contact tracing applications.   

HLC Position:  HLC leads a broad group of organizations, collectively known as the Confidentiality Coalition, to ensure that policymakers strike the right balance between the protection of confidential health information and the information-sharing needed to provide high-quality care. The coalition is active with Congress and the administration on policies related to data exchange, privacy, data security, and cybersecurity.  Members believe that regulatory clarity is key to enabling health information flow and support efforts to create a uniform national privacy standard that does not conflict with the HIPAA privacy rule, rather than having inconsistent and differing state laws that currently supersede federal regulation.

HLC Recent Activity:

  • On August 21, the Confidentiality Coalition submitted comments to the Federal Trade Commission (FTC) for its September data portability workshop on privacy and security issues related to increased data portability efforts.
  • The Confidentiality Coalition has provided congressional staff feedback regarding privacy-related issues of contact tracing and data surveillance for COVID-19 public health activities.
  • On April 28, HLC’s Confidentiality Coalition submitted comments to the U.S. Food and Drug Administration (FDA) regarding modernization of the FDA’s data strategy. The comments espoused a core approach to stewardship of health data that all entities that generate, hold, manage, exchange, and share health data have a responsibility to take necessary steps to maintain the confidentiality and trust of patients and consumers. A copy of the coalition’s “Beyond HIPAA Privacy Principles” was included with the letter.