Call it a HIPAA reboot for the wearables age. A pair of senators have filed a bill which would impose new regulations on how companies manage data generated by consumer technologies such as health apps, wearables and direct-to-consumer genetic tests.
The Protecting Personal Health Data Act, which was filed by Sen. Amy Klobuchar (D-MN) and Sen. Lisa Murkowski (R-AK), is designed to strengthen privacy protections for consumers’ personal health data.
In their announcement, the Senators note that when HIPAA was enacted in 1996, wearable devices, apps, social media networks and consumer DNA testing companies either didn’t exist or were at a primitive stage. As these technologies have matured, app developers have begun selling the consumer data generated by their users to third parties, including not only marketers but also other parties.
For example, they cite one case in which an employer apparently paid to access aggregate data from pregnancy-tracking app Ovia on employees who used it. According to the Washington Post, the deal allowed the employer to learn about intimate health issues such as how many women had faced high-risk pregnancies or gave birth prematurely, along with how soon new moms intended to return to work.
Anyway, if enacted, the bill would call for HHS to create regulations which address:
- Standards for consumer data consent which account for differences in sensitivity between genetic data, biometric data and general personal health data
- The ability of consumers to manage their health data privacy options effectively, as well as the ability to access, amend and delete copies of personal data companies collect or use
The bill would also create a National Task Force on Health Data Protection that would address cybersecurity risks and privacy concerns arising from consumer products that handle personal health data. It would also call for the development of security standards for consumer devices, services, applications and software.
In addition, the new Task Force would study the long-term effectiveness of de-identification methods for genetic and biometric data.
As a side note, this proposal comes at a time when consumer worries about the security and privacy of their medical records have receded a great deal, according to a recent report by ONC. The Senators, for their part, say that their constituents are still calling them with worries about the protection of their individual health information.
It seems that consumers are becoming more aware of the risks they take when they share their private health information with technology firms. No matter what happens with this bill, the concerns it tackles are likely to remain in play for the foreseeable future.