Natali_Mis/istock via Getty Imag

RWJF, Manatt Share Consumer Health Data Privacy Framework

Several privacy groups like eHI and the Center for Democracy & Technology are also working on a consumer health data privacy framework that will pull from RWJF and Manatt insights.

The Robert Wood Johnson Foundation and Manatt Health recently released a consumer Health Data Privacy Framework designed to address some of the gaps in existing health data privacy protections, as well as steps the industry could take to advance these priorities. 

As noted by the Department of Health and Human Services, HIPAA regulations do not cover third-party health apps and other consumer health data generated from wearables and other devices chosen by the patient and not tied to or recommended by a healthcare provider. 

In May, the American Medical Association released its own insights for non-HIPAA covered entities to address similar gaps. HIPAA was enacted long before these apps and wearables grew in popularity.  Thus, industry stakeholders have long warned the privacy regulation needs an update to address these gaps.

However, the HHS Office of the National Coordinator does not bear the onus to update HIPAA. In response, Congress has also steadily worked to create legislation able to better protect consumer privacy.  

The recent RWJF and Manatt framework builds off these past efforts, while spotlighting the risks posed by the rapid expansion of health data availability. From mobile apps, search engines, and even social media and health-focused websites, an increasing number of companies have more consumer health data than a provider may have on most of their patients. 

“While often beneficial to consumers, patients and marketplace competition — [the expanded availability of health data] is also outpacing the development of regulatory safeguards to protect the public,” researchers explained. 

“Without a framework to regulate the use and disclosure of such information, this data is at risk of misuse,” they added. “While greater liquidity of health data holds out the promise of tremendous public good, the potential for harm from exploitation of this data is very high, as such data can be sensitive, can be potentially embarrassing and can enable various types of discrimination.” 

Fueled by the COVID-19 pandemic and the urgent need for access to consumer health information, the recent insights analyzes current privacy laws and limitations, as well as the challenges posed by these issues when it comes to consumer trust, liability, and transparency. 

The insights also shed light on potential methods to improve patient health, enhance the patient experience, and reduce overall healthcare costs. Further, the guidance provides an analysis of self-regulatory options used in other industries, as well as lessons from these models that could be applied to consumer health data. 

Soon after its release, the eHealth Initiative expressed its support for the new framework and noted the privacy group is working with the Center for Democracy & Technology (CDT) on its own consumer data privacy guidance that will build on insights from RWJF and Manatt. 

The project from eHealth and CDT will provide identified pathways to creating consumer data protections, as well as the development of standards meant for companies to adopt to demonstrate their commitment to responsibly handling consumer data. 

“While sweeping new comprehensive federal privacy legislation has long been advocated for by many stakeholders, the reality is that the technology industry is advancing faster than the legislative process,” RWJF and Manatt researchers wrote. 

“Today, we are faced with an increasingly critical need to have strong and comprehensive consumer privacy protection for health data,” they added. “A failure to advance a new privacy framework will likely result in a complex patchwork of competing state-level regulations that will be difficult, if not impossible, to comply with or enforce… or worse.”

Next Steps

Dig Deeper on Health data access & privacy