Privacy Framework Proposed to Address HIPAA GapsJennifer Covich Bordenick of eHealth Initiative Seeks Feedback on Proposal
The eHealth Initiative and the Center for Democracy and Technology are seeking feedback on their draft privacy framework that addresses gaps in legal protections for consumer health data falling outside of HIPAA's regulatory umbrella, says eHI CEO Jennifer Covich Bordenick.
"Most consumers recognize that there really is no way to manage and track all of the data they have out there - all of the groups, systems and companies that are capturing, storing and using their health information," she says in an interview with Information Security Media Group.
"So we wanted to create a framework to address that defines what health information is, comes up with rules and standards for how it should be protected and comes up with a model for how to really hold companies accountable."
The voluntary framework calls for prohibiting companies from using consumer health data for purposes the consumer did not request or expect, she says.
"A company that is helping you track your ancestors online can't turn around and use your data for something completely different, like marketing drugs to you. It has to be used for what you expected [the data] to be used for."
The framework also calls for limiting the amount of consumer health information that can be collected, disclosed or used to only what is necessary to provide the product or feature a consumer requested, she adds. "If a company is selling you a wearable device, they can't then collect data about what medications you're taking because that's not necessary."
The eHI and CDT are accepting public comment on the proposed framework until Sept. 25. The feedback will be considered as the groups hammer out the next iteration of the framework, she says.
In the interview (see audio link below photo), Bordenick also discusses:
- Other issues the privacy framework aims to tackle;
- How the framework compares with other privacy frameworks;
- Who should potentially use the framework and how it can be applied;
- Next steps for the framework and other privacy and security projects in the works by eHI.
Bordenick is CEO of eHealth Initiative and Foundation, a nonprofit health IT advocacy and research group. She is a member of the HL7 board of directors and is also former co-chair of the Department of Health and Human Services' Federal Health Information Technology Policy Committee's strategy and innovation workgroup.