Archive of Privacy Legislation in the United States
Meaningful Use and HIEs (Health Information Exchanges)
- Meaningful Use
- Meaningful Use Stage 2
- PPR's MU Stage 2 Comments
- Stage 3 Meaningful Use Proposal
- Nationwide Health Information Network: Conditions for Trusted Exchange
- PPR's Comments on NwHIN
- PPR's Testimony on Accounting of Disclosures (Privacy and Security Tiger Team Virtual Hearing, 9/30/13)
- PPR's Testimony on Patient Matching at ONC Stakeholder Meeting (12/16/13)
HIPAA and HITECH
- HIPAA Final Omnibus Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under HITECH
- Final Omnibus Privacy Rule Analysis by Deborah C. Peel, MD
- PCAST Report to the President: “Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward”
- PPR PCAST HIT Report Comments
Do Not Track
- FTC’s Recommendations for Businesses and Policymakers—“Protecting Consumer Privacy in an Era of Rapid Change”
- FTC Protecting Consumer Privacy Comments
HB 300
State Health Privacy Law
2009-2011
- Whistleblower Protections for Health Care Reform
- Protect Patients and Physicians Privacy Act, H.R. 2630
- Health IT Policy & Standards Committees
- HHS Named New National Coordinator for Health IT
- American Recovery & Reinvestment Act, H.R.
2007-2008
- Letter from EPIC to Senator Markey discussing the "HITECH" draft bill
- Testimony of Peter Orszag before the Subcommittee on Health Committee on Ways & Means, U.S. House of Representatives: Evidence on the Costs and Benefits of Health Information Technology, July 24, 2008
- The ONC-Coordinated Federal Health IT Strategic Plan: 2008-2012, June 3, 2008
- HiMSS Matrix on HIT Legislation including sponsor(s), an overview, and a privacy and security summary
- Letter to Senators by the Mental Health Liaison Group - July 17, 2007 - alerting them to privacy and security concerns about individual health records during the development of national interoperable HIT.
- The Scope of Liability for Violating HIPAA
- 'TRUST' Act, HR 5442 - "Technologies for Restoring Users' Security and Trust in Health Information Act of 2008" Introduced in the 110th Congress, 2nd Session. Has been referred to multiple committees.
- Summary of the 'TRUST' Act - Section by section.
Prior to 2005
- Health Insurance Portability and Accountability (HIPAA) Public Law 104-191 - August 21, 1996 - as passed by the 104th Congress
- Summary of the HIPAA Privacy Rule by Office for Civil Rights (HHS) from the Office For Civil Rights Summary of the HIPAA Privacy Brief April 11, 2003 - HIPAA Compliance Assistance
- State Security Breach Notification Laws from the National Conference of State Legislatures
- Electronic Communications Privacy Act (ECPA), H.R. 4952
- Title 42, Chapter 1, Part 2 - Public Health Service, Department of HHS: Confidentiality of Alcohol and Drug Abuse Patient Records
- Testimony of Deborah C. Peel, April 16, 2002 - For the Senate HELP Committee Hearing on Medical Privacy
- Bartnicki et al. v. Vopper, aka Williams, et al. May 21, 2001 - Court case which states that stolen records can be published.
List of Key Legislation proposed in 2005:
- Health Information Technology Promotion Act of 2005
- "Wired for Health Care Quality Act" (S. 1418)
- "Health Technology to Enhance Quality Act of 2005" (S. 1262)
- "21st Century Health Information Act of 2005" (H.R. 2234)
- "Better Healthcare Through Information Technology Act" (S. 1355)
DRAFT - The House Energy and Commerce Committee is drafting a federal law to govern electronic data transfers and require notification of data privacy breaches. The final version should be introduced soon.
Stated Purpose: To “require persons engaged in interstate commerce and in possession of electronic data containing personal information to establish comprehensive policies and procedures to prevent unauthorized acquisition of such information and to notify individuals of any such unauthorized acquisition.”
Real Effect: This bill will pre-empt all stronger existing state laws requiring notification of data privacy breaches.
Problem:
Stronger state laws will be pre-empted if this national law takes effect. At least ten states have strong privacy laws requiring notification of electronic data privacy breaches, even if no harm would likely result. The states with stronger data breach notification triggers are: Arkansas, California, Delaware, Georgia, Illinois, Maine, Montana, Rhode Island, Tennessee, and Texas.
(Note: California’s strong laws requiring customer notification when financial data was stolen or revealed are the reason for the recent media coverage of exposures of customers’ sensitive financial data.)