As of May 21, 2015, the House Committee on Energy and Commerce has officially pushed forward the bill calling for the Secretary of Health and Human Services to “revise and clarify” the HIPAA Privacy Rule’s contingencies on the application and release of PHI (protected health information) for research purposes. Next, the legislation is on its way to meet the full House of Representatives. We wanted to use our expertise in the situation to briefly explain what this means for digital health companies.
Under present HIPAA Privacy Rule standards, PHI can be used and shared by covered entities for healthcare payment, treatment, and operations without the need for patient consent. But if this legislation is to be passed, patient authorization will not be needed for the disclosure of PHI for research intents as well if business associates or covered entities are involved. This modern provision aims to accelerate the rate of research, which could lead to breakthroughs in modern medicine, devices, and treatments by removing previous hindrances. But there are those in opposition to these HIPAA proposals voicing their concern for the relaxed direction and feel this could pose concerning patient data.
You may be wondering why these privacy advocates are fighting so passionately since furthering research is generally a desired notion. But looking further into the bill sheds light on these actions. Upon review, one can find the promotion for advancements in precision medicine (personalized medicine) which will incontrovertibly require highly personalized, hypersensitive, and identifiable data, which many patients will likely want sovereignty over. An alternative being considered is to make revisions to the bill outlining guidelines that call for de-identification requirements so individuals will not be able to contacted or identified.
Another provision made in this legislation requests for the penalizing of vendors who fail to meet requirements for secure and interoperable information exchange, something our business partners at Catalyze will never have to concern themselves with. Our number one concern is compliance so that theirs doesn’t have to be.
So what next?
The bill is headed for the House of Representatives and if the House passes, the legislation will head directly to the Senate. You can expect that all implications towards these privacy provisions will be heavily scrutinized before passing into effect. Stay tuned as we stay up-to-date on next actions concerning this legislation and all things HIPAA related!