DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Article: Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers

Posted on August 30, 2010 by Dissent

Barbara J. Evans of the University of Houston Law Center has uploaded a working paper to SSRN, “Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers.” The abstract is:

How much should an insurer or healthcare provider be able to charge when selling people’s personal health data without their permission to a researcher? This question is being addressed now in proceedings to amend the HIPAA Privacy Rule. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 allows such sales but limits pricing to a cost-based fee for data preparation and transmission. The requirement that individuals authorize the release of their data can be waived under existing provisions of the HIPAA Privacy Rule.

This article explains why supplying data to researchers is set to become a profitable line of business for entities that hold large stores of health data in electronic form. Health information systems are a form of infrastructure, and Congress’s cost-based fee for data preparation and transmission echoes pricing schemes traditionally used in other infrastructure industries such as railroads, electric power transmission, and telecommunications. Cost-based fees for infrastructure services, of constitutional necessity, must allow recovery of operating and capital costs including a return on invested capital – in other words, a profit margin.

This fee structure is being launched in an emerging 21st-century research landscape where biomedical discovery will depend more than it has in the past on studies that harness existing stores of data – such as insurance claims and healthcare data – that were created for purposes other than the research itself. This article explores why, in this environment, the new fee structure has the potential to destabilize already-fragile public trust and invite state-law responses that could override key provisions of federal privacy regulations, with devastating consequences for researchers’ future access to data. To avoid this outcome, the cost-based fee must be thoughtfully implemented and accompanied by reform of the HIPAA waiver provision now used to approve nonconsensual use of people’s health data in research. This article identifies specific defects of the existing framework for approving nonconsensual uses of data with the aim of eliciting a wider debate about what the reforms ought to be.

You can download the entire article from SSRN

Evans, Barbara J., Waiving Your Privacy Goodbye: Privacy Waivers and the HITECH Act’s Regulated Price for Sale of Health Data to Researchers (August 23, 2010). Univ. of Houston Public Law and Legal Theory Working Paper No. 2010-A-22. Available at SSRN: http://ssrn.com/abstract=1660582

Related posts:

  • Court: Surviving spouse is "personal representative"
Category: Uncategorized

Post navigation

← MI: Condo Residents Victims Of Identity Theft
Last of identity theft/credit card scammers in Russian scheme is sentenced →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.