In comments filed last week, the American Medical Informatics Association (AMIA) encouraged the Trump administration to closely examine both HIPAA and the Common Rule and develop an explicit goal to harmonize “health sector” and “consumer sector” data privacy policies. The nation’s leaders in health informatics and data health science cautioned the administration against a patchwork of consumer privacy policies that is already the norm in the health sector.
The National Telecommunications and Information Administration (NTIA), an agency within the Department of Commerce, issued a Request for Comment (RFC) in September on how it can advance consumer privacy while also protecting innovation. The RFC sought feedback on how certain organizational privacy goals and outcomes can be achieved. These outcomes include organizational transparency, user control over personal information, reasonable minimization of data collection, organizational security practices, user access and correction, organizational risk management, and organizational accountability.
AMIA noted that differences in the interpretation of HIPAA have led to wild variations in application. The group thus urged the administration to balance the need for both prescriptive process-oriented policies and outcome-oriented policies, writing that “[a]n over-emphasis on vague or difficult-to-measure outcomes without guidance on process will result in the failings of HIPAA – wide variation in interpretation and inconsistent implementation.”
AMIA went on to not only reiterate its support for patients always having access to their data, but advocated extending this principle to other sectors of the economy and elevating it to “a prerequisite condition and central organizing principle from which other outcomes derive.”
Further, while AMIA broadly supported the RFC’s high-level goals, it recommended that the administration also focus on “closing regulatory gaps” that endanger data privacy. Citing a 2016 ONC report, AMIA pointed out that there are health-related technologies that exist outside the scope of HIPAA, Federal Trade Commission (FTC) regulation, or state law. Thus, a truly comprehensive approach to consumer privacy should address these gaps.
Finally, AMIA encouraged the adminustration to take several steps to address data governance and ethical use. It recommended that FTC “develop a framework for organizations to use that supports trust, safety, efficacy, and transparency across the proliferation of commercial and nonproprietary information resources,” in addition to an “ethical framework around the collection, use, storage, and disclosure of the personal information consumers may provide to organizations.”
“We applaud the administration for initiating this long overdue conversation. As the lines between consumer and clinical devices continues to blur, the need for harmonized federal policy becomes more pronounced,” said Douglas B. Fridsma, MD, PhD, FACP, FACMI, AMIA President and CEO. “Just as we strive to ensure that patients have access to and control over their data, we must strive to deliver the same for consumers. The administration should learn from the health sector and develop improved privacy policies across all sectors of the economy.”
AMIA, the leading professional association for informatics professionals, is the center of action for 5,500 informatics professionals from more than 65 countries. As the voice of the nation’s top biomedical and health informatics professionals, AMIA and its members play a leading role in assessing the effect of health innovations on health policy, and advancing the field of informatics. AMIA actively supports five domains in informatics: translational bioinformatics, clinical research informatics, clinical informatics, consumer health informatics, and public health informatics.