skip to Main Content

I submitted a comment to the Office of the National Coordinator for Health IT today.   Below is the text. Dear Dr. Rucker, I appreciate the opportunity to comment on the proposed rules for data interoperability, information blocking and the ONC’s health IT certification program. I counsel HIPAA covered entities and vendors of healthcare technologies on privacy, data security and contracts.  This vantage point gives me a point of view about consumer privacy and data portability.  I would like to offer my comments on the information blocking rule, particularly in regard to the "promoting privacy" exception and, more broadly, the policies that give effect to the individual right of access under HIPAA. The HIPAA Privacy Rule and Data Portability Between Covered Entities The HIPAA Privacy Rule includes detailed specifications that govern the permissible disclosure of PHI between covered entities, but it does not affirmatively require these disclosures to be made.  This is a critical juncture where data portability gets stuck.  The information blocking rule fills a critical gap in the HIPAA Privacy Rule, by inducing health care providers and their respective supply chains to facilitate data portability with other HIPAA covered entities, or else face negative consequences under the enforcement authorities…

Read More

Privacy Panel for ACT-IAC’s Healthcare Cybersecurity and Privacy Form

I participated in a privacy panel on April 23, 2019 during ACT-IAC's Health Security, Privacy and Practice Forum.  Special thanks to moderator Eric Larson, co-panelists Jamie Danker and LaShaunne Graves and all who contributed their comments and questions during the Q&A. Some key takeaways: 1. All panelists agree on the importance of "baking" privacy into system design and applications.  We need to move beyond static programs that rely primarily upon policies and training to active systems of monitoring and accountability. 2. Jamie noted that cybersecurity tends to be better resourced in federal agencies than privacy, which puts consumer privacy interests  risk 3. Government agencies can improve trust by not only disclosing all the ways that a personally identifiable information may be used and disclosed, but reinforcing its privacy commitments in demonstrable ways within information flows. 4. Privacy issues are rising in federal health agencies because of rising demand to adopt modern technologies and use data in new ways to advance public welfare interests.  As a result, settled practices for balancing personal and public welfare interests need to be reexamined. 5.  Protecting privacy needs to be at the forefront of federal agency missions.  

Read More
Back To Top