New Rule Promotes Patient Access But Raises Privacy Concern

March 9, 2020

The Department of Health and Human Services finalized rules that require insurance and healthcare companies to provide patient access to their medical data in a format suitable for cellphones and other electronic devices. However, federal privacy protections under HIPAA no longer apply once patients transfer their data to consumer apps, creating serious risks to medical privacy. The CEO of the American Medical Association warned regulators that "These practices jeopardize patient privacy, commoditize an individual's most sensitive information, and threaten patient willingness to utilize technology to manage their health." Tech firms pushed for these changes. Last year, the Wall Street Journal reported that Google's 'Project Nightingale' intends to amass health data on millions of Americans. There will be a six-month period before the rule goes into effect. EPIC has recommended strong safeguards for medical records in agency comments and briefs for the Supreme Court.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.