The following is a guest post by Dr. Deborah Peel, Founder of Patient Privacy Rights.
On November 12th, Abbott released his “We the People Plan” for Texas. Clearly he’s heard from Texans who want tough new health data privacy protections.
Topping his list are four terrific privacy recommendations for health and genetic data:
- “Recognize a property right in one’s own DNA.”
- “Make state agencies, before selling database information, acquire the consent of any individual whose data is to be released.”
- “Prohibit data resale and anonymous purchasing by third parties.”
- “Prohibit the use of cross referencing techniques to identify individuals whose data is used as a larger set of information in an online data base.”
The federal Omnibus Privacy Rule operationalized the technology section of the stimulus bill. It also clarified that state legislatures can pass data privacy laws that are stronger than HIPAA (which is a very weak floor for data protections).
Texans would overwhelmingly support the new state data protection laws Abbott recommends . If elected, hopefully Abbott would also include strong enforcement and penalties for violations. Contracts don’t enforce themselves. External auditing and proof of trustworthy practices should be required.
Is this the beginning of a national trend? I think so. The more people know about today’s health IT, the more they will reject electronic systems and data exchanges designed for the hidden use and sale of sensitive personal health data.