AMIA Calls for Harmonization of Data Privacy Policies

Nov. 16, 2018
As the lines between consumer and clinical data systems continues to blur, there is a need to harmonize health sector data privacy policy, such as HIPAA, and consumer data policy to develop a new era of privacy policy, according to the American Medical Informatics Association (AMIA).

As the lines between consumer and clinical data systems continues to blur, there is a need to harmonize health sector data privacy policy, such as the Health Insurance Portability and Accountability Act (HIPAA) and consumer data policy to develop a new era of privacy policy, according to the American Medical Informatics Association (AMIA).

AMIA provided written comments last week in response to the National Telecommunications and Information Administration’s Request for Comment (RFC) on the Administration’s approach to consumer privacy. NTIA, an agency within the Department of Commerce, was seeking feedback on ways it can advance consumer privacy while also protecting innovation. The RFC sought feedback on how certain organizational privacy goals and outcomes can be achieved. These outcomes include organizational transparency, user control over personal information, reasonable minimization of data collection, organizational security practices, user access and correction, organizational risk management, and organizational accountability.

In its written comments, AMIA encouraged the Trump administration to closely examine both HIPAA and the Common Rule and develop an explicit goal to harmonize “health sector” and “consumer sector” data privacy policies. The informatics group cautioned the Administration against a patchwork of consumer privacy policies that is already the norm in the health sector.

Jeff Smith, vice president, public policy at AMIA, notes that given the health sector’s experience with HIPAA and the Common Rule, there is a unique opportunity to accomplish two aims with this executive and legislative branch conversation—harmonize health sector data privacy policy with consumer data privacy policy and develop a national forum and framework to allow states flexibility to address local needs and norms.

In its written comments, AMIA noted that differences in the interpretation of HIPAA have led to wild variations in application. The group thus urged the administration to balance the need for both prescriptive process-oriented policies and outcome-oriented policies, writing that “[a]n over-emphasis on vague or difficult-to-measure outcomes without guidance on process will result in the failings of HIPAA – wide variation in interpretation and inconsistent implementation.”

AMIA went on to not only reiterate its support for patients always having access to their data, but advocated extending this principle to other sectors of the economy and elevating it to “a prerequisite condition and central organizing principle from which other outcomes derive.”

Further, while AMIA broadly supported the RFC’s high-level goals, it recommended that the administration also focus on “closing regulatory gaps” that endanger data privacy. Citing a 2016 ONC report, AMIA pointed out that there are health-related technologies that exist outside the scope of HIPAA, Federal Trade Commission (FTC) regulation, or state law. Thus, a truly comprehensive approach to consumer privacy should address these gaps, AMIA wrote.

Finally, AMIA encouraged the administration to take several steps to address data governance and ethical use. It recommended that FTC “develop a framework for organizations to use that supports trust, safety, efficacy, and transparency across the proliferation of commercial and nonproprietary information resources,” in addition to an “ethical framework around the collection, use, storage, and disclosure of the personal information consumers may provide to organizations.”

“We applaud the administration for initiating this long overdue conversation. As the lines between consumer and clinical devices continues to blur, the need for harmonized federal policy becomes more pronounced,” Douglas B. Fridsma, M.D., Ph.D, AMIA President and CEO, said in a statement. “Just as we strive to ensure that patients have access to and control over their data, we must strive to deliver the same for consumers. The administration should learn from the health sector and develop improved privacy policies across all sectors of the economy.”

Sponsored Recommendations

Improving Workplace Safety and Patient Care in Behavioral Health

In 2023, Vail Health enhanced safety in their behavioral health clinic, but the impact went beyond their expectations. Read their case study to see how prioritizing workplace ...

Transforming Hospital Capacity Through Smarter Patient Progression Strategies

Helping patients move seamlessly through every stage of their care, from admission to discharge, is critical to ensuring patient safety, improving outcomes, and optimizing capacity...

Beyond the AI Buzz: How Clinicians Can Leverage AI for Value-Based Success

Watch on-demand to explore the impact of implementing AI in primary care settings to reduce burnout and thrive in value-based care. Including practical takeaways on driving clinician...

Building the Connected Hospital: Bridging Operational Gaps Through Technology

Join industry leaders to explore how advanced technologies like RFID, AI, EMR, and ERP systems are transforming hospitals into connected ecosystems that enhance efficiency, streamline...