Patricia Wagner Quoted in “ONC Discusses Health Data Risk from Entities Not Covered by HIPAA”

eHealth Law & Policy Journal August 2016

Patricia M. Wagner,  Chief Privacy Officer and Member of the Firm in the Health Care and Life Sciences and Litigation practices, in the firm’s Washington, DC, office, was quoted in eHealth Law & Policy Journal, in “ONC Discusses Health Data Risk from Entities Not Covered by HIPAA.”

Following is an excerpt:

The Report gives little in the way of solutions to the risks discussed, but does mention the regulations that may well be applicable to NCEs, such as Federal Trade Commission (‘FTC’) statutes. Experts seem to agree that expanding HIPAA or the Health Information Technology for Economic and Clinical Health Act (‘HITECH’) is either unnecessary or very unlikely in the present climate. “In order to extend HIPAA to other entities, the statute would have to be amended - I don’t think that is necessary,” said Patricia M. Wagner, Member at Epstein Becker Green P.C. “The FTC and state Advocate Generals (‘AGs’) have authority to enforce consumer protection laws that govern these NCEs. In addition, it would seem consumer engagement and education is a better strategy, as it would empower consumers to make more informed decisions.” “Actions have already been taken by the FTC and state regulators to address the Report’s concerns,” adds Blaney. “I suspect with the continued growth of healthcare IT, mHealth and mobile applications, state AGs and federal regulators will be pressured to increase the protection of individuals’ PHI even when it is shared outside of the reach of HIPAA.”