As health data privacy concerns heat up to a boiling point on multiple fronts, it’s more essential than ever that patients get a clear opportunity to make a choice about whether their data is shared, says privacy advocate Twila Brase, who heads the Citizens’ Council for Health Freedom.
“This is a scary time for patients,” she says in an interview with Information Security Media Group.
Meanwhile, federal regulators – to carry out a 21st Century Cures Act goal to drive medical innovation and improve patient care – are proposing standards that promote the use of application programming interfaces and consumer health apps to give patients access to their own health data from electronic health records (see: Long Awaited HHS Data Sharing Rules Raise Privacy Worries).
All of those efforts raise serious privacy risks, Brase says.
Concerns About Patient Privacy
Speaking about the research projects involving Ascension, Mayo, Google and others, she says: “Our greatest concern is that these entities are planning to data mine this private, digitally identifiable information for their own purposes.”
When it comes to consumer health applications, most of those products will not likely fall under the HIPAA privacy and security regulatory authority of the Department of Health and Human Services, but rather the purview of the Federal Trade Commission, Brase says. But either way, patients’ health data privacy is still in jeopardy because individuals have little legal control over how their data is shared and used, Brase contends.
“Putting apps … under HIPAA does nothing for privacy except deceive the American public that they have privacy because of HIPAA. So, I think we need to go back to the right direction of [requiring] patient consent for the ‘regular’ sharing of data that’s happening right now, and go toward consent for apps and APIs – written, voluntary consent,” she says.
“It’s up to the American people to decide where and how they want to share their information,” she stresses. “If they want to use apps to share their information, they should be able to do so. The problem is that they all think they’re protected by HIPAA when they’re all very unprotected by HIPAA today.”
In the interview (see audio link under photo), Brase also discusses:
- Changes needed in informed consent requirements;
- Privacy concerns involving de-identified patient health information;
- Changes she would like to see made to the HIPAA regulations;
- Other emerging health data privacy concerns.
Brase, a registered nurse, is president and co-founder of Citizens’ Council for Health Freedom, a national nonprofit established more than 20 years ago in Minnesota to support healthcare choices. She is also author of the book, “Big Brother in the Exam Room: The Dangerous Truth About Electronic Health Records”, which was published in July 2018.