Odia Kagan of Fox Rothschild writes:
A new bill, proposed by Bill Cassidy (R-LA), Chair of the Senate Health, Education, Labor and Pensions Committee (HELP), purports to apply the privacy and security practices under the HITECH Act to entities that process non-protected health information (PHI) and their service providers in the same manner that they apply to covered entities and business associates.
Per Cassidy, “traditional provider-patient interactions are governed by the Health Insurance Portability and Accountability Act (HIPAA). However, HIPAA is failing to keep up with consumer health products that connect individuals to health tools outside of the doctor’s office.”
The bill would require a plain-language disclosure to the individual when an entity not subject to HIPAA accesses their data, telling them that their PHI will no longer be subject to the protection under HIPAA and how the information may be disclosed, and would require getting their consent before selling the data.
Read more at Privacy Compliance & Data Security.