New Bill Could Extend HIPAA Regulations to Tech Industry

Bipartisan Bill Would Extend HIPAA Protections to Tech Industry
– Global Data Review

Manatt’s Scott Lashway, co-leader of the firm’s privacy and data security practice, spoke with Global Data Review on legislation recently introduced in Congress that would regulate how technology companies use consumer health data.

This legislation calls for the formation of a national task force on health data protection, focusing on cybersecurity risks and privacy concerns associated with wearable devices, genetic testing kits and other tech-based health products, according to Global Data Review.

The text of the bill makes note of individuals’ rights, such as the right to access, delete and amend personal health data. If it is passed, Lashway said it could mean that technology companies would have to receive “informed consent” from consumers before using their data, similar to the Europe Union’s GDPR law.

“I think what GDPR is telling us is that consent has to be informed,” he said. “It can no longer be a check-the-box exercise where the user is providing consent in the dark.”