Protecting Americans’ Health Information: How to Achieve It?
Several high-profile breaches in recent years have underscored concerns about the privacy and security of consumer health information. In response, America’s Health Insurance Plans executive team and board of physicians developed a “Roadmap for Protecting the Privacy, Confidentiality, and Cybersecurity of Americans’ Health Information and Data.”
“We are fully committed to championing standards and policies that improve health data governance, protect patient privacy and foster trust, and that improve consumers’ access to their data and promote interoperability, health equity and fair practices for the people we serve,” the organization says in a fact sheet announcing the initiative.
AHIP supports government policies that advance these positions:
- HIPAA or similar requirements should be extended to entities that collect, use, disclose, or store individuals’ health information but are not currently subject to the stringent privacy or security parameters demanded by the industry. Privacy requirements should be designed and enforced in all entities that retain health and health-related information to allow for appropriate communication and sharing of information without diminishing privacy protections.
- Individuals should have access to their health data and be able to easily know how their health information may be shared. Consumers should be informed in a clear, concise and easy-to-understand manner how to access their personal health information and how it might be used and disclosed.
- Privacy requirements governing private entities should support digital platforms and telehealth in a way that promotes the privacy and security of the information exchanged.
- Privacy requirements must be responsive and evolve to better support digital solutions, meet data collection, security and storage requirements, and address cybersecurity risks associated with the transmission of information in real time.
- Confidentiality requirements should evolve to better meet public health requirements. These requirements, coupled with increased communication and coordination between entities, should enable data sharing and automated solutions to support public health authorities.
- The United States should have a national approach to health information privacy and security. A federal standard can help overcome and anticipate a varied patchwork of state laws for a more cohesive approach.
- Laws, regulations, and resulting costs should be analyzed for any resulting benefits before implementing new or changing policies or administrative, technical, and physical controls. Such analysis will help ensure that new policies and controls are proportionate to consumer needs and balance risks and benefits.
- Government policies must recognize that as an industry, health insurance providers have continued to invest in and adhere to strong cybersecurity practices and policies. Information sharing between public and private entities facing threats, attacks or mitigation strategies should be allowed and encouraged.
- Consumer data such as race, ethnicity, religion, sexual orientation, gender identity and disability status should be used to reduce disparities and improve outcomes. The data should not be used to discriminate or have negative effects on any person or community.
“Health insurance providers have been a leader in developing privacy, confidentiality and cybersecurity practices to protect health information,” AHIP said. “And we are committed to not only keeping pace with new trends, developments and solutions, but leading them.”