It’s a new year with new challenges. 2020 may shake up the healthcare industry with new privacy laws and regulations. The Department of Health and Human Services (HHS) intends to spend 2020 working on rules tackling privacy issues such as cybersecurity and patients’ right to their data.
Healthcare privacy is complex. There is a delicate balance between keeping patient data secure and sharing it. Rules allowing patients to have free access to their health data can conflict with the Health Insurance Portability and Accountability Act (HIPAA) or with state laws that protect privacy. This might cause concerns about HIPAA violations, resulting in either under-sharing of information or oversharing to avoid data blocking.
A huge challenge is the growth of health-related information created, gathered and collected outside the scope of the HIPAA rules, through sources such as mobile apps, wearables, personal health records, etc. This information is generally not subject to HIPAA.
California is addressing this “non-HIPAA” issue with the new California Consumer Privacy Act (CCPA). As Kirk J. Nahra, a privacy and cybersecurity partner at WilmerHale in Washington, D.C., explains, “companies that handle health data in California will have to comply with three laws in 2020: HIPAA, the California Confidentiality of Medical Information Act (which applies to certain technology companies that are not regulated by HIPAA), and the newest privacy provisions under the California Consumer Privacy Act, which take effect January 1, 2020.”
The California Consumer Privacy Act is now officially in effect, with Colorado and New York following the template. New York also hopes to pass a new law with privacy requirements that the industry says go further than California’s.
An important element of CCPA is the right for consumers to access the data an organization holds on them, creating the need for healthcare organizations to be able to track where data is going within the continuum of care and to ensure information sharing is compliant.
CCPA allows patients to decline the sale of their data and gives them the right to sue if their information is stolen due to an organization’s negligence. Organizations that haven’t previously had to comply with laws such as HIPAA are now challenged with compliance.
Patients are increasingly aware of their data privacy rights through HIPAA. At the same time, healthcare organizations have never faced a more complex privacy landscape. In 2020, the wave of state-level legislation will probably move forward.
The emphasis should be on clarity and an approach that benefits both patients and the healthcare industry. Patients need to understand the rules that apply to their health information.