State and federal officials move to further wall off healthcare data
The eye in the sky gets some blinders to protect patient privacy
In 1982, British rock band The Alan Parsons Project made the top-40 charts with the song “Eye in the Sky.” The cryptically dark message: “I am the eye in the sky, looking at you. I can read your mind.”
Forty-two years later, states across the nation and political spectrum – along with the U.S. Department of Health and Human Services (HHS) – are moving en masse this year to broaden protections of health consumers’ patient privacy against the digital eye in the sky.
In just the last 30 days [at the time of writing], lawmakers and regulators near and far have acted concurrently to shield personal data and medical records from digital spies in sensitive areas ranging from contraception and IVF to sexual orientation and transgender status, to genetic and biometric data, to personal thoughts.
Colorado pioneers protections for brainwaves
Yes, that’s right, thoughts. Brainwaves earned special protection in Colorado recently when Governor Jared Polis signed into law the first measure protecting human-brainwave data.
The new patient privacy law comes partly in response to emerging technology that can detect brain activity for potential clinical and commercial uses. Examples include brain implants aimed at helping people suffering physical paralysis and EEG headsets, which track the brain’s electrical activity in efforts to more easily diagnose and manage neurological conditions such as epilepsy.
In a rarely unanimous 34-0 vote by the Colorado State Senate and a 61-to-1 vote in the House, legislators amended the Colorado Privacy Act to include brainwaves under the definition of “sensitive personal information,” along with fingerprints and facial images.
The Act prohibits the sale of such information and grants consumers rights to know whether individual personal data is being used, to correct and delete such data, and to get copies of it.
We train our expert eye on your law firm’s marketing
Through our LawMarketLink program, we assess, enhance, and measurably improve your marketing focus – all with a guarantee of growth.
New state patient privacy laws take effect starting in 2025
In the meantime, legislators in Nebraska, Kentucky and Maryland enacted laws protecting “consumer health data” (CHD) by granting similar rights regarding all forms of digital information. The Nebraska and Maryland measures will take effect in 2025; the Kentucky law goes into effect in 2026.
In parallel actions, Nevada and Washington on March 31 ushered in first-of-their-kind laws more broadly protecting personal health data not covered by the Health Insurance Portability and Accountability Act (HIPAA).
For example, marketers will now face restrictions in those states on uses of geofencing, a technique using Global Positioning Satellites (GPS), cell phone, and Wi-Fi data to identify the locations of existing and prospective patients for more targeted messages. Protected citizens include residents of both states and individuals whose CHD is collected in the state.
HHS also moves to broaden patient privacy protections
Three weeks later, the HHS issued the final version of the HIPAA Privacy Rule to Support Reproductive Health Care Privacy, also seeking to expand protections beyond HIPAA. The rule follows the 2022 overturning of Roe v. Wade abortion rights.
Under the measure, new defenses will protect “medical records and information for women, their family members, and doctors seeking, obtaining, providing, or facilitating lawful reproductive care.” Enforcement responsibilities will fall to the HHS Office for Civil Rights.
Disclaimer
The information on this website does not constitute legal advice and is not guaranteed to be correct, complete, or up to date. The information is provided as is without warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. Vanguard Communications authorizes website visitors to view, store, print, reproduce, copy, and distribute any pages for non-commercial purposes. In consideration of this authorization, you agree that a) any copy of these documents shall retain copyright and other proprietary notices herein, and b) this disclaimer is included with any distribution.