This week, Sens. Amy Klobuchar (D-Minn.) and Lisa Murkowski (R-Alaska) introduced legislation to strengthen privacy and security protections for consumers’ personal health data, specifically the data involved in DNA testing kits and health tracking apps.
WHAT HAPPENED
The Protecting Personal Health Data Act would require HHS to create standards to protect the sensitivity of genetic data, biometric data and general personal health data, along with standards for consumer devices, services, applications and software that handle personal health data. The legislation also gives consumers the right to access, amend and delete their own health data that third-party companies collect or use.
Additionally, it would create a National Task Force on Health Data Protection that would evaluate and provide concerns about cybersecurity and the risk of violating the privacy of consumers using these consumer health products. According to a statement from Klobuchar and Murkowski’s offices, the Task Force would be further charged with “study[ing] the long-term effectiveness of de-identification methodologies for genetic and biometric data, and advis[ing] on the creation of resources to educate consumers about direct-to-consumer genetic testing.”
WHY IT MATTERS
Nowadays, there are a number of apps within reach of the “install” button for helping individuals with weight loss, smoking, depression, pregnancy monitoring and other health concerns. The Office for Civil Rights also has numerous active investigations on the subject, suggesting deep concerns about the data privacy of app users.
The concern goes beyond the apps. Internet-based services throughout healthcare, such as patient portals serving private health data, could be the target of cyber attacks.
There are regulations and laws enacted by Congress to protect the consumers data. However, these laws are not up-to-date with the advancement of the current technology — the Health Insurance Portability and Accountability Act (HIPAA), for example, was established in 1996, long before the advent of wearable devices, apps, social media sites and DNA testing kits.
THE LARGER TREND
Just a few days ago, HIPAA Journal reported a case in which a woman was awarded $300,000 by an Alabama jury for damages caused by Medical Center Enterprise (MCE) of Alabama after disclosure of her health data to a third party
Meanwhile, investigations published this year in JAMA Network Open and as well as in BMJ also offered evidence of smartphone apps for depression, smoking or other health and wellness focuses are sharing or selling users' data with outside entities.