ITIF Seeks Repeal of HIPAA And a Single Federal Privacy Law
There have been a lot of concerns about data privacy in the past months. The year 2018 was one of the most significant for data privacy. Both common people and governments across the world realized how vulnerable online data is to theft and unethical uses.
In many countries, including the US, the biggest problem is the absence of a unified privacy law.
With every state functioning according to individual privacy regulations, compliance becomes hard and also paves the way for cybersecurity issues.
Europe’s Big Law
In Europe, the General Data Protection Regulation has been brought into effect as a unified privacy law across the continent.
The regulation aims to protect the online data of Internet users from unethical uses. It also prevents this data from being shared with third parties for advertisement and marketing purposes. However, not all countries have been able to bring such a regulation across the entire nation.
According to the latest reports, the Information Technology and Innovation Fund have called for data privacy regulations across the US to be replaced with a single unified privacy law. This new law would be based on the type of information and the company or entity collecting it.
This is aimed at enabling consumers to make more informed choices about how they share their data. In addition, the ITIF also recommended that Congress should try to lower compliance costs; improve proper enforcement of data regulations and promote international interoperability.
Blanket Approaches Rarely Work
The United States has yet to adopt a concrete, unified privacy law, while other nations are already doing so.
This affects both international interoperability as well as the competitiveness of the US against other nations. To remedy this, the ITIF suggests replacing the existing privacy regulations with one that covers the entire nation; ensuring smoother compliance.
The organization asked the US privacy legislation to push the executive branches to replace existing privacy regulations, including the Health Insurance Portability and Accountability Act (HIPAA).
Facebook Scandal Brings Privacy Concerns
After Facebook data leak scandal was exposed the European Union enacted the GDPR for better security of consumer data.
The Cambridge Analytica scandal rocked the entire world and pushed the government of several nations to have better privacy regulations. Even though Europe tightened their privacy regulations after this breach, not all countries have done the same.
The US has not taken any action after such privacy breaches have come into light. Now, Congress and other industry stakeholders have demanded better consumer data protection in order to ensure the safety of online information as well as easier compliance for all entities.
The healthcare industry is also among those who have called for greater data protection. Healthcare industry stakeholders have sought an update to the HIPAA; the regulation that protects the privacy and security of healthcare and health insurance data.
The HIPAA was enacted in 1996 when the industry had not yet gone digital. But in the present times, the regulation is not capable of providing the level of security that is needed for digital data.
Although the regulation is still capable of doing its job, it isn’t meant for the digital age. The HIPAA was designed to protect doctor-patient confidentiality and to enable the secure sharing of data within the healthcare framework.
But the regulation was not designed keeping in mind the current crop of health apps. When someone uses a health app, he should know that there is nothing called privacy or confidentiality there.
Once you share your medical information online, there is no going back. The privacy guidelines laid out by the HIPAA cannot be followed by health apps because it would make them go out of business.
The ITIF recommends a middle path, which not only protects data privacy but also enables the smooth functioning of health apps.
The organization also suggests that although the HIPAA gives consumers privacy rights such as access to data and consent for the data to be shared and used, the same rights do not extend to other industries. Because the healthcare industry is connected to other industries like IT and business management, these rights should also be enacted for all industries.
Medical data is highly sensitive and requires better protection in the digital age, according to the ITIF. However, the organization also sought stronger data privacy regulations for other industries associated with healthcare.
The Need for Privacy
The need for data protection has been a serious issue for discussion at the Congress of late, and the ITIF’s proposals reflect the same concerns.
According to the ITIF, the US should not be a mute spectator as the rest of the world enacts stronger data protection laws. In that case, the US will be left behind as all other no growth countries secure their data with stronger regulations which only smash innovation and creativity.
Consumers should have more protection for their digital data while businesses should still have the freedom to innovate. And the organization, as well as a number of senators, believes that a middle ground is possible but doing what Europe did, not that wise.
With net neutrality abolished, the US right now has separate privacy laws in some states, like California, Colorado, and Vermont.