Health data privacy laws should be updated

Opinion | Health data privacy laws should be updated unknown

To prevent data brokers from selling the health data of Americans, they — and the sources of the data that they collect — should be considered in a revision of the Health Insurance Portability and Accountability Act.

Passed in 1996, HIPAA established safeguards that health-care providers and others must follow to protect the privacy of patients’ medical data. The statute also outlines numerous offenses relating to the security of patient information and establishes civil and criminal penalties for violations.

The main reason data brokers, digital health companies, mobile apps and social media networks can easily circumvent HIPAA rules is that the law doesn’t cover them. These entities weren’t considered when HIPAA was last comprehensively updated in 2013, so they have been conveniently able to ignore it.

A congressional amendment to HIPAA that includes these businesses seeking to profit from the selling of all forms of protected health information would be a win for all Americans.

David Lenihan, Ponce, Puerto Rico

The writer is president of Ponce Health Sciences University and CEO of Tiber Health.