The concept of a federal consumer privacy framework is something that Congress has worked on for several years in both the House and Senate, but it's never come to fruition.
In episode 9 of Complications: Health Policy Unraveled, host Stephanie Kennan discusses the American Data Privacy and Protection Act (ADPPA), which would, if passed, create a comprehensive federal consumer privacy framework. The goal of the legislation would be to protect consumers from discriminatory use of their data and require entities to use more stringent security measures. Though the House Energy and Commerce Committee is currently revamping legislation, the path to becoming a law is unclear.
Specialty: Stephanie Kennan helps clients navigate the legislative and executive branches of federal government to solve problems involving a variety of healthcare policy issues. Her work focuses on providers, medical device manufacturers, drug manufacturers and associations concerned about Medicare and Medicaid reimbursement.
[1:00] The House Energy and Commerce Committee is revamping legislation to standardize protections of consumer data usage, including requiring reasonable data security measures.
[2:07] While the ADPPA would not cover certain health data already covered by HIPAA or “High Tech”, it would cover a variety of sensitive information such as geolocation data, login credentials, private communications, or healthcare data related to diagnosis or treatment.
[2:46] More and more non-HIPAA covered entities are gaining access to health data all the time, but the ADPPA would regulate the amount of data they can collect on individuals and require explanations for data collection.
[3:14] A recent study identified third-party tracking tools on 99% of abortion clinic websites. Another study found that three-quarters of patients have significant health data and privacy concerns.
[3:40] The ADPPA would charge the FTC with enforcement of its new standards, an agency that has already expressed interest in regulating companies using health data improperly.
[4:35] There is some concern related to a possible conflict between HIPAA’s de-identified data standard and those in the ADPPA. Another concern is the preemption of state laws that already address privacy concerns.
[5:06] Although the House Energy and Commerce Committee has started revisiting the issue and there is support for greater regulation of consumer health data usage, whether the legislation will move forward is still unclear.
[5:35] While Congress considers the ADPPA, the FTC wants to update the health breach notification rule to include digital health apps.
Subscribe to Complications: Health Policy Unraveled in your preferred podcast app and never miss a healthcare update by subscribing to host and JD Supra’s #1 healthcare author Stephanie Kennan’s Washington Healthcare Update at www.mwcllc.com