A Shared Responsibility: Protecting Consumer Health Data Privacy in an Increasingly Connected World

Prepared for the Robert Wood Johnson Foundation

As this decade begins, Americans are increasingly apprehensive about the privacy of their personal information. Nowhere is this issue more important than in regard to health data, a type of information that can contain extremely personal details about an individual. Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is the primary law that protects health data in the United States. But HIPAA was adopted in a world where most health data was held either by or on behalf of traditional healthcare providers or health plans.

The health data industry is changing rapidly and available electronic data pertaining to an individual’s health status is growing at an exponential pace. The expanded availability of health data—while often beneficial to consumers, patients and marketplace competition—is also outpacing the development of regulatory safeguards to protect the public. The concerns are particularly heightened when it comes to health data, which can contain extremely sensitive details. Today, companies that operate mobile apps, search engines, social media platforms and health-oriented websites can have more health information about many of their users than a hospital has about most of its patients. Yet these technology companies typically are not subject to HIPAA or other health privacy laws.

Without a framework to regulate the use and disclosure of such information, this data is at risk of misuse. While greater liquidity of health data holds out the promise of tremendous public good, the potential for harm from exploitation of this data is very high, as such data can be sensitive, can be potentially embarrassing and can enable various types of discrimination. The current pandemic, and the resulting increase in health data sharing, makes the privacy challenges—and the need to solve them—all the more pressing. In a new white paper produced on behalf of the Robert Wood Johnson Foundation, Manatt analyzes current health privacy laws and their limited applicability to health information not protected under HIPAA and other related laws. The paper also highlights the serious challenges these limitations create in relation to trust, liability and transparency between companies and consumers, and outlines a continuum of potential options to improve patient health, enhance patience experience and reduce healthcare costs through the use of digital health data.

In addition, the paper includes an analysis of self-regulatory options that have been utilized in other industries, along with insights and lessons from those models that may be applicable to health data. While sweeping new comprehensive federal privacy legislation has long been advocated for by many stakeholders, the reality is that the technology industry is advancing faster than the legislative process. Today, we are faced with an increasingly critical need to have strong and comprehensive consumer privacy protection for health data. The authors find that a failure to advance a new privacy framework will likely result in a complex patchwork of competing state-level regulations that will be difficult, if not impossible, to comply with or enforce…or worse.

To access the full white paper, click here.



pursuant to New York DR 2-101(f)

© 2024 Manatt, Phelps & Phillips, LLP.

All rights reserved