June 19, 2020
Maverick Health Policy
Only What Matters On Health Information Policy
If no one is listening to your great ideas about how to fix the health care system, the federal government is your new best friend.
Health systems will have a report to review soon to help them decide what certified health IT products to buy. The Office of the National Coordinator for Health IT (ONC) contracted with the Urban Institute, and its subcontractor, HealthTech Solutions, to develop an EHR Reporting Program to provide publicly available, comparative information on certified health IT products. ONC is soliciting comments until August 10 on draft criteria for the Electronic Health Record Reporting Program. Submissions accepted here.
The Federal Trade Commission (FTC) is requesting public comment on its Health Breach Notification Rule -- the one created to make sure that vendors notify people when their personal health records are accidentally disclosed or stolen. By August 20, the FTC is hoping to hear from stakeholders about several topics, including what changes should be made to the rule and how it overlaps or conflicts with additional federal, state, or local laws.
U.S. Senate HELP Committee Chairman Lamar Alexander is looking for comments by June 26, on his Post-Pandemic Recommendations, including how to handle the tricky privacy issues between HIPAA v. non-HIPAA health data and the need to improve public health data systems.
One Thoughtful Paragraph
As we try to get back to work safely and otherwise begin resuming normal life, mask-wearing is the only solution that doesn’t invoke a privacy debate. Employers and states want to use virus tracking apps, community health providers need to share information, and people are showing up at random test sites in parking lots to make sure they don’t have COVID-19 -- but all of the links in this sentence are about the privacy problems associated with these activities. Unfortunately, Congress is only considering how to muddy the waters (the Washington Post aptly calls it a “scramble to adopt new privacy protections”). Rather than create a comprehensive, long-term data policy that encourages necessary modern tools while protecting the privacy and security of information, there are three leading, well-intentioned proposals (here, here, here) that will temporarily create a confusing set of rules. Maverick Health Policy understands that HIPAA doesn’t cover many of these new data-tracing apps, but the solution is NOT to create a new cafeteria of privacy rules. Not only would these laws be time-limited to address COVID-19 issues, but (and we are generalizing for the sake of one-thoughtful-paragraph limitations) people would be allowed to “opt-out” or revoke consent for legitimate public health needs (um, how is THAT helpful?), states would be allowed to enforce privacy laws according to their own Attorney General’s version of what is best (so… your health data is protected in Minnesota but not when you visit your family in Texas?) and will create a wonderful new way for plaintiff’s attorneys to buy that new boat they’ve been eyeing because there is a private right of action baked into some of these proposals. Thankfully, there are organizations and coalitions hard at work to develop policies that make more sense.