CONFIDENTIALITY COALITION ACTIVITY

In October, the administration released its Fall Unified Agenda of Regulatory and Deregulatory Actions and is considering rulemaking on the Health Insurance Portability and Accountability Act (HIPAA).  It is anticipated that the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) will release a request for information (RFI) to solicit views on barriers to coordinated care imposed by HIPAA rules and an RFI on the distribution and disclosure of civil monetary penalties to those harmed by HIPAA violations.  Additionally, OCR is considering changes to the HIPAA privacy rule regarding uses and disclosures of protected health information in an effort to address the opioid epidemic.  In Congress, privacy continues to be a top priority. The Senate Committee on Commerce, Science, and Transportation has held several hearings on consumer privacy and has begun work on a new national privacy framework.  The Food and Drug Administration (FDA) has made efforts to strengthen the agency’s medical device cybersecurity program, issuing draft guidance for medical device cybersecurity.

2018

November

  • The coalition cosigned a letter from the Partnership to Amend 42 CFR Part 2 to the Senate Committee on Health, Education, Labor and Pensions (HELP) urging Senate leadership to bring the “Overdose Prevention and Patient Safety Act (OPPS),” H.R. 6082 to the Senate floor for a vote during the lame-duck session.
  • The coalition wrote to the National Telecommunications and Information Administration (NTIA) responding to a request for comment on Developing the Administration’s Approach to Consumer Privacy.
  • The coalition wrote to the Federal Communications Committee (FCC) urging the FCC to consider modernizing the Telephone Consumer Protection Act (TCPA), seeking alignment between the TCPA and HIPAA on what constitutes a permissible communication based on the type of consent or authorization given.
  • The coalition remains actively involved in discussions with Congress on aligning federal confidentiality regulations for substance abuse (42 CFR Part 2) with HIPAA to allow appropriate access to patient information that is essential for providing comprehensive care.

October

  • The coalition wrote to the Senate Committee on Commerce, Science, and Transportation supporting its hearing on “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act.”  Technology experts and privacy advocates testified before the committee.
  • The coalition met with majority and minority staff at the Senate Commerce Committee to discuss its plans to address healthcare-related privacy policies as they relate to the committee’s work on a new national privacy framework.

August

  • The coalition recirculated its 2011 HIPAA accounting of disclosures survey questions to members. The survey questions seek to calculate the impact of a broadened requirement to account for all disclosures of protected health information by HIPAA-covered entities (i.e., hospitals, clinics, health plans, and pharmacies).  Certain results of the survey will be shared with OCR as the agency promulgates the revised proposed rule on HIPAA accounting of disclosures.
  • In anticipation of a forthcoming OCR RFI on HIPAA, the coalition has gathered feedback on suggested ways to simplify the HIPAA notice of privacy practices, as well as to suggest if and how to best address the sharing of monetary rewards with consumers harmed by a HIPAA violation (a requirement of the 2009 HITECH Act).

July

  • The coalition hosted Leavitt Partners, a cofounder of the CARIN (Creating Access to Real-time Information Now) Alliance, a nonpartisan, multisectoral alliance dedicated to uniting industry leaders to advance consumer access to digital health information. CARIN Alliance focuses heavily on non-HIPAA-covered digital outlets generating health data, which have few standards or guidelines specifying a governance process for apps.
  • The coalition met with the staff of OCR, including Tim Noonan, OCR’s acting deputy director for health information privacy, to discuss the coalition’s policy priorities and OCR’s regulatory priorities.

June

  • The coalition submitted a statement for the record for the House Energy and Commerce Subcommittee on Communications and Technology hearing on the TCPA. The coalition emphasized that the TCPA often serves as an obstacle to improved patient care coordination because the TCPA does not reflect changes in how health plans, providers, patients, and other stakeholders communicate through text messaging.  The coalition seeks alignment between the TCPA and HIPAA on what constitutes a permissible communication based on the type of consent or authorization given.
  • The coalition wrote to the House Energy and Commerce Committee responding to the committee’s RFI on legacy technology challenges to address cybersecurity threats in the healthcare sector and provided thoughts regarding two potential methods to incentivize solutions to current cybersecurity vulnerabilities in healthcare.
  • The coalition cosigned a letter from the Partnership to Amend 42 CFR Part 2 in support of H.R. 6082, the “Overdose Prevention and Patient Safety Act (OPPS),” in advance of the full committee vote. R. 6082 would align federal privacy standards for substance use disorder patient records more closely with standards under HIPAA.
  • The coalition cosigned a letter from the Partnership to Amend 42 CFR Part 2 to Representatives Markwayne Mullin (R-OK) and Earl Blumenauer (D-OR) thanking them for their support for H.R. 5795, the “Overdose Prevention and Patient Safety Act (OPPS),” before the Energy and Commerce subcommittee vote. R. 5795 would align federal privacy standards for substance use disorder patient records more closely with standards under HIPAA.

May

  • The coalition met with the staff of the Office of the National Coordinator (ONC), including ONC Chief Privacy Officer, Kathryn Marchesini, to discuss patient and research access to health information through improved health data flow.
  • The coalition hosted Jane Thorpe, J.D., Associate Professor and Vice Chair for Academic Affairs in Health Policy and Management at The George Washington University, who discussed ONC’s new legal and ethical architecture for patient-centered outcomes research (PCOR) data.

April

  • The coalition hosted Carson Martinez, from the Future of Privacy Forum, to discuss popular health apps and privacy policies and potential best privacy practices.
  • On behalf of the Confidentiality Coalition, HLC participated in a meeting hosted by the White House Office of American Innovation that focused on interoperability, privacy, and data security. This meeting led to the announcement by Center for Medicare and Medicaid Services (CMS) Administrator Seema Verma of the MyHealthEData initiative, which includes “Blue Button 2.0,” an app program that allows Medicare beneficiaries access and sharing of their health data in a universal digital format.
  • The coalition collaborated with healthcare stakeholders committed to aligning federal confidentiality regulations for substance abuse (42 CFR Part 2) with HIPAA to allow appropriate access to patient information that is essential for providing comprehensive care. The group advocates with Congress and the administration to apply HIPAA privacy standards to a patient’s entire medical record, including addiction records, to ensure that providers and organizations have all the information necessary for safe, effective, high-quality treatment and care coordination.
  • In support of the Confidentiality Coalition, HLC regional directors held in-district meetings with congressional district staff to support the “OPPS Act.”

March

  • Coalition staff presented at the 2018 HIPAA Summit on “HIPAA and the Telephone Consumer Protection Act: What Risks Loom in Contacting Patients by Phone and Text Messages?”.
  • The coalition wrote to the House Energy and Commerce Committee, House Ways and Means Committee, and the Senate Committee on Health, Education, Labor and Pensions (HELP) to express the coalition’s concerns regarding H.R. 4613, the “Ensuring Access to Patient Healthcare Records Act.” The coalition urged the committees to undertake a new approach to increase access to patient data to help support medical care and improve healthcare payment models.  R. 4613 would substantially alter HIPAA privacy protections.
  • The coalition hosted Linda Kloss, Chair of the Subcommittee on Privacy, Security, and Confidentiality at the NCVHS, to provide an overview of NCVHS’s “Beyond HIPAA” initiative.

February

  • The coalition hosted Greg Garcia, Executive Director for Cybersecurity of the Healthcare Sector Coordinating Council (HSCC), as a guest speaker to discuss the recently formed council, its mission, and objectives. HSCC is a cross-sectoral coordinating partnership convening companies, nonprofits, and associations across subsectors within HHS, Department of Homeland Security (DHS), law enforcement, and the intelligence community.  Coalition members discussed relevant HSCC task groups to join.

 

Use the menu on the right to view activity from prior years.