A good part of the first-ever virtual AIMed conference – AIMed Cardiology took place last week focused on data. Specifically, critiquing information deriving from electronic health records (EHRs) are not analysis-ready and if there can be efficient ways to process data without creating additional cognitive burdens on human. We are not the only ones; recently, data, especially health data privacy was also on the plate of the Capitol Hill.
New health data privacy bills
Health data privacy is often debated but action is seldom taken. The arrow tends to be pointing at tech giants who are getting hold onto a large amount of patient information through their collaborations with health institutions or inventions of smartphone applications and devices. However, the ongoing COVID-19 pandemic is changing the game.
Lawmakers in the US are now pushing for new bills to protect health data associated with coronavirus responses. In spite of the move, it remains uncertain if a divided Congress will arrive at a consensus on how data that are gathered via digital contact tracing tools or for the purpose of combating coronavirus should be regulated.
In the month of May alone, three bills – “To protect the privacy of consumers’ personal health information, proximity data, device data, and geolocation data during the coronavirus public health crisis”; “To protect the privacy of health information during a national health emergency”, and “To create a Coronavirus Containment Corps” – were put forward to safeguard data that fall outside of Health Insurance Portability and Accountability Act (HIPAA).
At the moment, HIPAA only covers data used within medical facilities and among their business associates. Since it was first passed in 1996, there’s no way lawmakers could have foreseen the arrival of the digital era and how big tech companies are posing new threats to health data privacy.
How broad should these new bills cover?
As such, the three new bills are regarded as closing the HIPAA loophole, by fostering new data standards on how patient information should be stored, de-identified and shared. The next question thus becomes, how broad should these new bills cover? Besides, should the bills override existing privacy laws at the state level?
One of the three new bills concerned only the private sector, preventing them from trading, marketing or profiting from individuals’ COVID-19 data. The other affects both the government and private entities. One of the bills also took an additional step to put a halt on possible discriminations. No document should expose someone if they are immune to COVID-19 or not. This will ensure no one is being denied of services offered by shops, restaurants or other businesses.
There is also the question on whether these bills should also take into account of information that are already made public. Again, only one of the three new bills said yes it will. Indeed, one may argue these are only bills that have yet to become laws. Nevertheless, looking at how quickly a virus is taking over the world, perhaps we are already falling behind health data privacy protection.