Current Law: Health Care Big Data Kirk J. Nahra Wiley Rein LLP Washington, D.C. 202.719.7335 KNahra@wileyrein.com @kirkjnahrawork


Post on 14-Dec-2015


Page 1: Current Law: Health Care Big Data Kirk J. Nahra Wiley Rein LLP Washington, D.C. 202.719.7335 KNahra@wileyrein.com @kirkjnahrawork (Dec. 8, 2014)

Current Law: Health Care Big Data

Kirk J. Nahra

Wiley Rein LLP

Washington, D.C.

202.719.7335

KNahra@wileyrein.com

@kirkjnahrawork

(Dec. 8, 2014)


The Problem

• HIPAA has never covered all health care data

• The explosion in mobile apps, web sites, PHRs and other areas has made the gaps much bigger

• Health care entities are now using a broader range of “non-health” data for health care purposes.

• So what kinds of protections are available for this “non-HIPAA” data?


The FTC Act

• The FTC has broad authority in general to “prevent . . . unfair or deceptive acts or practices.”

• No regulations in this area

• FTC has developed enforcement of data security standards (although these are under challenge)

• FTC has not to date undertaken broad “privacy” enforcement in the healthcare area


The FTC Act

• FTC clearly can take enforcement action against statements that are not true – e.g., privacy notices that mis-state what is being done with info.

• Is there an ability to go more broadly against “unfair” practices? What would those be?


FCRA

• Regulates consumer reporting agencies (primarily) in connection with credit, employment and insurance.

• Consent required to report medical information for these purposes (with some disclosure for medical debts)

• Prohibitions on using medical information for credit purposes (except for debt issues)


Problems today

• No clear “privacy” standards for FTC other than truly egregious behavior

• FCRA is of important but very limited relevance

• State law is confusing, often outdated and seldom enforced

• Substantial open gaps in protections for data that is not clearly within the HIPAA structure

• Becoming harder to define what “healthcare data” is.


Next Steps

• 3 Main Options

• Something specific for this non-HIPAA health care data

• Something that covers all health care data (a “general” HIPAA) – either through HIPAA or otherwise

• A broader overall privacy law (with or without a HIPAA carve-out)


Questions?

For further information, contact:

• Kirk J. Nahra, Wiley Rein, KNahra@wileyrein.com, @kirkjnahrawork

• Subscribe (for free) to Privacy in Focus - http://www.wileyrein.com/publications.cfm?sp=newsletters
