Security News > 2020 > January > Long-Awaited HHS Data Sharing Rules Raise Privacy Worries

As the wait continues for federal regulators to issue final rules for health IT interoperability and information blocking prevention, some industry stakeholders are raising serious concerns about the privacy of patient data accessed and shared using application programming interfaces and mobile consumer apps.

While some skeptics suspect that some of the concerns expressed by Epic could be driven, in part, by competitive fears involving providing consumer app vendors access to patient health records, others say Epic's privacy worries are also legitimate.

Privacy attorney Kirk Nahra of the law firm WilmerHale says that "There is clearly an important set of privacy and security challenges" involving APIs and consumer apps used to access patient health data.

Privacy attorney Deven McGraw, chief regulatory officer at Ciitizen, a California-based company that helps provide consumers collect and share their health data, notes that mobile apps are not regulated by HIPAA but instead by the Federal Trade Commission, "Which means apps can be held accountable for whether or not they are transparent to users about their data practices, and whether they are upholding commitments they are making to users with respect to data - but many perceive that to be pretty 'weak tea' from a regulatory standpoint."

Citing privacy concerns as a reason to halt or slow the finalization of the proposed rules "Ignores that access to data is a component of fair information practices, the foundation for all privacy law," McGraw says.

News URL

https://www.inforisktoday.com/long-awaited-hhs-data-sharing-rules-raise-privacy-worries-a-13671