Should Health Lawyers Pay Attention To The Administration’s Privacy Bill?

Health care lawyers justifiably ignored the 2012 Obama administration consumer privacy framework because it expressly and broadly exempted entities subject to HIPAA, stating “To avoid creating duplicative regulatory burdens, the Administration supports exempting companies from consumer data privacy legislation to the extent that their activities are subject to existing Federal data privacy laws.” In contrast, the administration’s 2015 draft bill, the Consumer Privacy Bill of Rights Act, though based on that framework, substantially affects health care entities, including those subject to HIPAA, and so demands more attention in the health law community. The “HIPAA clause” in the draft bill is subtly different (and noticeably narrower than its preemption of state law clause): “If a covered entity is subject to a provision of this Act and a comparable provision of a Federal privacy or security law [the list includes HIPAA] such provision of this Act shall not apply to such person to the extent that such provision of Federal privacy or security law applies to such person.” The “provision” wording is key; most of the key substantive provisions in the draft bill—those going to consent, withdrawal of consent, context, and data minimization—do not crosswalk to any comparable provisions in HIPAA. For HIPAA mavens this has the potential of “more stringent than” all over again, but at a higher stakes table. (For nonmavens, this refers to questions r...
Source: Health Affairs Blog