FTC to Address Gaps in HIPAA Regulations to Better Protect Consumers

Privacy and security are two areas of grave concern in healthcare today due to the high volume of highly personal and sensitive patient data being stored and transferred. With apps now collecting personal information directly from consumers, the Federal Trade Commission (FTC) is likely to become more involved in the security and protection of data, a role usually given to the Department of Health and Human Services.
The Health Insurance Portability and Accountability Act (HIPAA) covers health tech companies and health care providers that have business relationships with each other. Many companies, software developers and tech companies are not part of the health care system and are therefore not covered under the regulations.
Wearables, health apps and a host of other tech collect personal information on patients, and the volume of data being collected and stored has raised serious concerns about privacy and security. FTC commissioner Julie Brill has recently voiced her concern on the issue. She believes that appropriate security controls and privacy protection must be enforced in order for wearable and mobile technology to achieve its full potential in the U.S. healthcare system.
The FTC is now reviewing privacy and security, with Brill looking to ensure that health app developers and wearable manufacturers are clear about what data is collected, how it is stored and how it will be used, and that this is communicated to consumers.
There has been much speculation about the cause of the delay to Apple’s HealthKit launch, with some camps believing data security to be the issue. The company certainly understands the importance of secure data storage to keep sensitive data private, and a delay is better than a security breach.
Brill believes Congress can play an important role in ensuring innovation in healthcare is encouraged and that new products and services are developed to better serve patients and health care providers, although appropriate legislation on privacy and data security must be enacted to protect the health data of consumers. Brill is not the only voice calling for Congress to take action. Reps. Tom Marino (R-Penn.) and Peter DeFazio (D-Ore.) have also written to Congress requesting closer collaboration with app developers in the healthcare field to ensure compliance with data privacy laws.
The App Association represents over 5,000 software development companies, many of which are looking to take advantage of the opportunities in healthcare. It is pushing for greater clarity and simplification of data privacy laws which it believes can hold back innovation and development. Over-regulating the industry has the potential to put barriers in the way of developers, with the App Association preferring a more flexible approach. It is calling for both the public and private sectors to work together to develop best practices to adopt.
Should the FTC decide to restrict and heavily regulate health data collection, it could cause serious problems for existing health app developers who already collect health data on patients and app users, and could prevent start-ups from bringing new products to the market.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.