Greater Alignment of Federal Data Privacy Rules Needed

The American Medical Informatics Association (AMIA) is requesting the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Protections for Human Subjects Research (Common Rule) be more closely aligned and that there should be a more integrated approach to privacy in both the consumer and health sector.

The AMIA call comes after the National Telecommunications and Information Administration (NTIA) requested information about privacy issues concerning healthcare data. In a letter to the NTIA, AMIA submitted comments based on its extensive experience dealing with HIPAA and Common Rule issues.

Presently, a patchwork of federal and state rules makes compliance difficult. Highly varied privacy policies result in information sharing problems, and ‘perverse outcomes’ due to different interpretations of current regulations.

AMIA explained by way of an example that Pennsylvania and New Jersey have different policies on HIV/AIDS data, and since they are neighboring states, this could easily lead to problems. Say an HIV/AIDS patient, diagnosed in Pennsylvania, visited a healthcare facility in New Jersey. Current policies would prevent physicians in New Jersey from accessing the patient’s HIV/AIDS information, even though that information is needed for treatment decisions. Once the patient was treated, it would be difficult for the patient to obtain a copy of their data to take back to their healthcare provider in Pennsylvania. AMIA is suggesting the administration should apply common rules across jurisdictional and geographic borders.

In the past few years, consumer information systems that record health data have become more popular and the line between consumer and medical information systems has been blurred. It is therefore necessary to create concordant privacy policies throughout the consumer and health data ecosystems.

The HIPAA Privacy Rule ensures patients have access to their health data and gave them greater control over how their medical information can be used. What is currently needed are similar rights and protections for all consumers. AMIA is not suggesting the application of either HIPAA or the Common Rule to the consumer data ecosystem, but both sets of regulations can provide informative inputs to help improve consumer data privacy.

AMIA has requested the Federal Trade Commission (FTC) create a consumer data program that facilitates trust, safety, transparency and efficacy across commercial and non-proprietary data resources. There should also be an ethical framework for the collection, usage, storage, and sharing of consumers’ personal information.