For Congress, health privacy is top of mind

By Ruth Reader , Ben Leonard , Carmen Paun and Grace Scullion

Presented by Blue Cross Blue Shield Association

Hackers have targeted health systems, drawing Congress' attention. | Getty

Politicians on both sides of the aisle agree that more safeguards are needed for Americans’ health data and the ways it’s used. The urgency level has risen as data collection online has grown, states have begun enforcing abortion bans and cyberattacks have increased.

However, lawmakers, lobbyists and the Biden administration have a multitude of views on how to protect health data, particularly data that’s not currently covered by the federal health privacy law, HIPAA.

Legislation is coming: “There’s gonna be an explosion in the new Congress,” René Quashie, VP of digital health at the Consumer Technology Association, a trade group representing major tech companies, told Ruth.

What is and isn’t covered by HIPAA? The 1996 law says covered entities — health care providers, insurers and data clearinghouses — must protect health data. But data collected by health apps, which track everything from weight loss to pregnancy, isn’t. Neither are web searches for symptoms, illnesses or treatments. Data amassed by Fitbits and Apple Watches is also unprotected, meaning it can be sold or shared without a user’s consent.

Abortion decision fallout: The overturning of Roe v. Wade by the Supreme Court is motivating abortion-rights advocates to press for new data protections. In at least one case, law enforcement used online chat logs in an investigation of an allegedly illegal abortion. Additionally, geolocation could potentially be used to prosecute women who’ve obtained an abortion in states where the procedure is illegal.

Data freedom’s risks: As of October 2022, an HHS rule that Congress ordered in a 2016 law requires doctors to make digital medical records accessible to patients. That should help patients as they shop around for medical care, but it also opens a data-protection gap. Once patients download their data, it’s no longer covered by HIPAA.

Several data protection bills could get a second look in the new Congress:

— The Health Data Use and Privacy Commission Act , sponsored by Sen. Bill Cassidy (R-La.), aims to establish a blue-ribbon panel to recommend changes to health privacy laws. Cassidy is pressing to get his bill included in year-end legislation.

— The My Body, My Data Act , sponsored by Rep. Sara Jacobs (D-Calif.), creates protections for sexual and reproductive health data online.

— The Data Care Act from Sen. Brian Schatz , (D-Hawaii) would bar companies from using consumer data in a way that could cause foreseeable harm.

— The American Data Privacy and Protection Act would set federal privacy rights, with heightened protections for kids, and has the backing of Frank Pallone (D-N.J.), the House Energy and Commerce Committee chair, and Cathy McMorris Rodgers (R-Wash.), the panel’s ranking member and likely chair if Republicans take control of the House.

Executive action: President Joe Biden has directed the Department of Health and Human Services to issue new guidance for protecting health data as well as information on how consumers can protect their own data. He’s also asked the Federal Trade Commission to consider taking steps to protect data for people seeking abortions.

Biden has also issued a proposed AI Bill of Rights , which advocates building artificial intelligence with data privacy in mind. Developers should minimize data collection and get consent for any data collected, it says.

Outside interests: Lobbying groups are ensuring that lawmakers know where they stand.

OCHIN, a nonprofit focused on equitable distribution of innovation in health care, thinks Congress should extend HIPAA to cover health data collected online and by apps.

By contrast, the Consumer Technology Association, which represents major companies like Google and Amazon, would like Congress to start fresh with national privacy rules designed for the ways data is used now.

A message from Blue Cross Blue Shield Association:

We’re working to make health care more affordable and equitable. In every ZIP code. Learn more.

Old Rag Mountain, Shenandoah National Park | Shawn Zeller

This is where we explore the ideas and innovators shaping health care. 

This won't surprise parents who watched their kids attempt Zoom school during the pandemic: A meta-analysis in JAMA Pediatrics that culled data from 46 prior studies on 29,017 children found that screen time increased by 52 percent during the school closures of 2020–2021.

Share news, tips and feedback with Ben Leonard at bleonard@politico.com, Ruth Reader at rreader@politico.com, Carmen Paun at cpaun@politico.com or Grace Scullion at gscullion@politico.com. 

Send tips securely through SecureDrop, Signal, Telegram or WhatsApp.

Today on our Pulse Check podcast: A pair of little-discussed Republican victories last week could lead to abortion restrictions in two states. Megan Messerly talks with Katherine Ellen Foley about a bright spot for the GOP amid an otherwise disappointing election for abortion opponents.

A message from Blue Cross Blue Shield Association:

HHS and Congress lifted restrictions on telehealth for Medicare patients early in the Covid-19 pandemic. | AP

If you like your telehealth, there’s a good chance you could keep it.

By the end of the year, Congress will likely take up a temporary extension of Medicare rules that permit more patients to visit their doctors virtually.

The Department of Health and Human Services did not give notice that it plans to end the Covid-19 public health emergency – the department has said it would provide 60 days notice before ending it – so the emergency will extend beyond the current expiration on Jan. 11. That’s significant because the Medicare rules expire five months after the emergency does.

Senators are talking about providing more certainty by adding a provision to an end-of-the-year government spending bill to extend the rules a year beyond that.

The House passed a telehealth bill by Rep. Liz Cheney (R-Wyo.) in July that would go even further, extending the rules through 2024.

The backstory: Initially permitted by the Trump administration at the pandemic’s outset and buttressed by Congress in a March 2020 Covid-19 relief law, the rules allow Medicare to cover telehealth visits or audio-only telehealth from patients’ homes.

No dice: Congress is less likely to extend another temporary pandemic rule allowing insurers to cover telehealth visits before people on high-deductible plans hit their deductibles. Those rules are set to expire on Dec. 31.

A message from Blue Cross Blue Shield Association:

A ZIP code is more than a number—it’s a main street, a tight-knit community, a family home. And until every baby goes home with a healthy parent. Until patients and caregivers speak the same language. Until routine care becomes routine, for everyone. Blue Cross and Blue Shield companies will work to make health care more affordable and equitable for everyone, for the health of America.

Researchers at the One Health Institute at the University of California, Davis are trying to find out whether artificial intelligence can identify dangerous viruses.

They’re gearing up to use AI to parse data in SpillOver, a database assembled with the help of the U.S. Agency for International Development’s Emerging Pandemic Threats Program, which collates information on viruses, hosts and environmental risk factors. The goal is to identify viruses that pose the greatest risk of jumping from animals to people and then causing outbreaks.

The Coalition for Epidemic Preparedness Innovations, a partnership of governments and foundations, wants to use the SpillOver data to prioritize its investments in vaccine candidates to combat viral diseases.

Top target: The most recent findings from SpillOver show that the zoonotic Lassa virus ranks as the highest-risk pathogen after the coronavirus. Lassa causes hemorrhagic fever and shares some symptoms with Ebola, but is far less deadly. It’s endemic in parts of west Africa , including Sierra Leone, Liberia, Guinea and Nigeria. There are no licensed vaccines or treatments for Lassa fever, but the international coalition is supporting the development of six shots against it.

Follow us on Twitter

Ben Leonard @_BenLeonard_ Ruth Reader @RuthReader Carmen Paun @carmenpaun

Follow us

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings

This email was sent to by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Please click here and follow the steps to .