Following reports on the Ascension-Google partnership, Sens. Cassidy and Rosen introduced legislation that would prevent companies from data mining personal health data from patients.
Legislation proposed by Sens. Bill Cassidy, R-Louisiana, and Jacky Rosen, D-Nevada, takes aim at big tech companies by bolstering the privacy of patient health data stored on wearable personal devices.
The Stop Marketing And Revealing the Wearables And Trackers Consumer Health Data Act (Smartwatch Data Act) bans companies that collect data through smart devices and personal health trackers from selling, sharing, transferring, or allowing access to the data without explicit consent.
The proposal comes on the heels of reports that Google has partnered with Ascension to shift the health system’s infrastructure to the cloud and extend tools to improve patient care, among other elements of the initiative dubbed Project Nightingale.
The companies have reiterated that the partnership follows HIPAA guidelines. But in response to negative reports, Sen. Mark Warner, D-Virginia, and the Department of Health and Human Services are looking into the project details.
For Cassidy and Rosen, the proposed bill is designed to address those privacy concerns, as well as Google’s plan to buy Fitbit. The combined reports “raise questions about how Google and other companies would use data collected from smart device users.”
As noted by the Senators and other industry stakeholders, HIPAA protects data shared between patients and covered entities. As the regulation was drafted in 2009, it has several privacy gaps that don’t address tech used in the modern digital age – including protections for data shared through third-party apps at the request of the patient.
In June, Sens. Amy Klobuchar, D-Minnesota, and Lisa Murkowski, R-Arkansas, released comprehensive legislation that would create regulation and standards for data not currently covered by HIPAA.
The latest legislation from Cassidy and Rosen covers both biometric and aggregated health data and ensures that consumer-generated health data is treated like traditional health information, with the same protections. If passed, the bill would be enforced by HHS in the same way the agency currently enforces HIPAA.
“The introduction of technology to our healthcare system in the form of apps and wearable health devices has brought up a number of important questions regarding data collection and privacy,” said Rosen, in a statement. “This commonsense, bipartisan legislation will extend existing health care privacy protections to personal health data collected by apps and wearables, preventing this data from being sold or used commercially without the consumer’s consent.”
“The Google/Ascension news has brought needed scrutiny to the security of Americans’ health data,” Cassidy said in a statement. “Smartwatch Act prevents big tech data harvesters from collecting intimate private data without patients’ consent.”
The legislation joins a host of other Congressional proposals designed to bolster consumer data privacy in the increasingly connected digital age. Most recently, the House proposed the establishment of a federal digital privacy agency, while Sen. Ron Wyden, D-Oregon, introduced a bill to empower the Federal Trade Commission to enforce against privacy violations.
Congress has been moving toward closing HIPAA gaps over the last year in the wake of the growing list of massive data breaches, which includes considering a federal privacy law that could supersede the patchwork of state laws. However, stakeholders have suggested that there is a long way to go for a unified bill to pass.
Source: Health IT Security