Safeguarding Americans' health information: How do we get there?
AHIP has released a roadmap of proposals to better protect the health information of Americans.
Several high-profile breaches in recent years have underscored concerns about the privacy and security of consumers’ health information. In response, America’s Health Insurance Plans’ medical officers leadership team and board of directors have developed a comprehensive “Roadmap for Protecting Americans’ Privacy, Confidentiality and Cybersecurity of Health Information and Data.”
“We are fully committed to advocating for standards and policies that improve health data governance, protect patient privacy and foster trust, and that enhance consumer access to their data and promote interoperability, health equity and fair practices for the people we serve,” the organization said in a fact sheet announcing the initiative.
AHIP supports government policies that advance these positions:
- HIPAA or similar requirements should be expanded to entities that collect, use, disclose or store individuals’ health information but currently are not subject to the rigorous privacy or security parameters that the industry requires. Privacy requirements should be designed and applied across all entities maintaining health and health-related information to allow appropriate communication and sharing of information without reducing privacy protections.
- Individuals should have access to their health data and be able to easily know how their health information may be shared. Consumers should be informed in a way that is clear, concise and easy to understand about how to access their personal health information and how it could be used and disclosed.
- Privacy requirements governing private entities should support digital platforms and telehealth in a way that promotes the privacy and security of information exchanged.
- Privacy requirements should be responsive and evolve to better support digital solutions, addressing data collection, security and storage requirements, as well as the cybersecurity risks of transmitting real-time information.
- Privacy requirements should evolve to better support public health requirements. These requirements, coupled with increased communication and coordination among entities, should allow data sharing and automated solutions to support public health authorities.
- The United States should have a national privacy and security approach for health information. A federal standard can help overcome and preempt a varied patchwork of state laws for a more cohesive approach.
- Laws, regulations and resulting costs should be analyzed for any resulting benefits before new or changing administrative, technical and physical policies or controls are implemented. Such an analysis will help ensure that new policies and controls are commensurate with consumers’ needs and balance risks and benefits.
- Government policies should recognize that, as an industry, health insurance providers have continued to invest in and adhere to strong cybersecurity practices and policies. Information sharing among public and private entities facing threats, attacks or mitigation strategies should be allowed and encouraged.
- Consumer data such as race, ethnicity, religion, sexual orientation, gender identity and disability status should be used to reduce disparities and improve outcomes. Data should not be used to discriminate or have adverse impacts on a person or community.
“Health insurance providers have been a leader in developing privacy, confidentiality and cybersecurity practices to protect health information,” AHIP said. “And we are committed not just to keeping pace with new trends, developments and solutions — but leading them.”