current law: health care big data kirk j. nahra wiley rein llp washington, d.c. 202.719.7335...
Post on 14-Dec-2015
212 Views
Preview:
TRANSCRIPT
Current Law: Health Care Big Data
Kirk J. Nahra
Wiley Rein LLP
Washington, D.C.
202.719.7335
KNahra@wileyrein.com
@kirkjnahrawork
(Dec. 8, 2014)
The Problem
• HIPAA has never covered all health care data• Explosion in mobile apps, web sites, PHRs and
other areas have made the gaps much bigger• Health care entities are now using a broader
range of “non-health” data for health care purposes.
• So what kinds of protections are available for this “non-HIPAA” data?
Page 2
The FTC Act
• The FTC has broad authority in general to “prevent . . . unfair or deceptive acts or practices.”
• No regulations in this area• FTC has developed enforcement of data security
standards (although these are under challenge)• FTC has not to date undertaken broad “privacy”
enforcement in the healthcare area
Page 3
The FTC Act
• FTC clearly can take enforcement action against statements that are not true – e.g., privacy notices that mis-state what is being done with info.
• Is there an ability to go more broadly against “unfair” practices? What would those be?
Page 4
FCRA
• Regulates consumer reporting agencies (primarily) in connection with credit, employment and insurance.
• Consent required to report medical information for these purposes (with some disclosure for medical debts)
• Prohibitions on using medical information for credit purposes (except for debt issues)
Page 5
Problems today
• No clear “privacy” standards for FTC other than truly egregious behavior
• FCRA of important but very limited relevance
• State law is confusing, often outdated and seldom enforced
• Substantial open gaps in protections for data that is not clearly within the HIPAA structure
• Becoming harder to define what “healthcare data” is.
Page 6
Next Steps
• 3 Main Options• Something specific for this non-HIPAA health
care data• Something that covers all health care data (a
“general” HIPAA) – either through HIPAA or otherwise
• A broader overall privacy law (with or without a HIPAA carve-out)
Page 7
Questions?
For further information, contact: •Kirk J. Nahra
Wiley Rein LLP202.719.7335Knahra@wileyrein.com@kirkjnahrawork
•Subscribe (for free) to Privacy in Focus - http://www.wileyrein.com/publications.cfm?sp=newsletters
Page 8
top related