HITPC approves recommendations that drive better understanding of big data's privacy issues

More understanding of the privacy and security issues surrounding big data is needed to advance a learning healthcare system, according to the Health IT Policy Committee’s Privacy & Security Work Group.

Stanley Crosley, of Drinker Biddle & Reath law firm and co-chair of the group, presented the work group’s recommendations to the committee during its Aug. 11 meeting.

The group encourages the Office of the National Coordinator for Health IT (ONC) and other federal stakeholders to hold more public inquiries to increase understanding. “There is a lot of conversation around privacy but understanding much of the harm we’re trying to prevent still remains elusive,” Crosley said. “It would benefit policymakers to know more about the harms consumers are concerned about and make sure they’re taking steps to address those harms.”

The work group also is pushing voluntary codes of conduct, Crosley said, but they have to be credible and include transparency and accountability. “Along with that, we believe this will only work if there is good dialogue between the [Department of Health and Human Services], the FTC and other federal regulatory groups and other stakeholders developing these codes as they quickly establish the rules of the road.”

In its report, the work group also added consideration of the use of community risk assessment review boards as part of process, Crosley said. “We see that as a potential way to improve a code of conduct that may not in itself be strenuous enough.

“We want to promote the responsible reuse of data and contribute to generalizable knowledge.”

The work group was adamant about individuals’ right to access their data--even if they are never used. “It’s a very important right an individual should have,” he said. Their recommendations include protection of data that moves outside of entities covered by HIPAA.

The landscape is very complex with data moving from the HIPAA to the non-HIPAA environment and the interoperability necessary to achieve all the advantages of big data, Crosley said. “We’re on a continuing quest to educate consumers about the actual limits of legal protection and the best protections to protect the privacy and security of health information.”

Recommendations also covered improving trust and reducing the risk of reidentification, which was a “significant undertaking by the work group,” he added. “We were trying to understand what has occurred before, looking to other activities and incorporating as much as possible. The recommendations come down very strongly on the Office of Civil Rights needing to be a more active steward of the HIPAA deidentification standards.” That includes ongoing review of methodology, input from third-party experts and updating methodologies and policies. “It’s going to be a very vibrant, fluid environment. For the regulations to be meaningful both in robustness and in the ability to utilize data, the OCR needs to be an active steward.”

The work group supports the secure use of data for a learning health environment and voluntary codes of conduct to address robust security provisions. “Baseline security is really the table stake to utilize health information whether inside the HIPAA environment or outside.” Rather than legislation, Crosley said the work group prefers voluntary codes of conduct coupled with education of stakeholders about cybersecurity improvement and incentives for the use of privacy-enhancing technologies.

The committee approved the work group’s recommendations.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.