Karen Mandelbaum, Senior Counsel in the Health Care & Life Sciences practice, in the firm’s Washington, D.C. office, was quoted in Modern Healthcare, in “Interoperability Rule Exposes Gaps in Protecting Privacy,” by Michael Brady. (Read the full version – subscription required.)
Following is an excerpt:
The Trump administration’s new interoperability and data blocking rules will give patients long-overdue access to their health information, but it could come at the expense of privacy since consumers will bear more responsibility for protecting their data under a “buyer beware” standard.
When Congress passed the 21st Century Cures Act in 2016, it directed HHS to force insurers and providers to adopt standardized application programming interfaces—APIs—to make it easier for doctors, hospitals, insurers and patients to share health information. HHS proposed rules, released in February 2019, meet with fierce resistance from some corners of the industry, especially on privacy. …
More to the point, HIPAA was designed in 1996 for insurers and providers when most health information was inside the traditional healthcare system. Now there’s more health-related data outside of it and expanding HIPAA protections to apps, wearables, websites and other consumer-facing products and services could prove unworkable. Even the definition of interoperability has changed since 2004 when it was first discussed.
“Interoperability has taken on a new dimension by including . . . these third-party applications as part of the healthcare ecosystem,” said Karen Mandelbaum, senior counsel for Epstein Becker Green. “We didn’t have third-party apps (in 2004).”