AMIA calls for tighter coordination of data privacy rules

By | November 15, 2018

The American Medical Informatics Association is asking the Trump administration to take a close look at both HIPAA and the Common Rule to see how they might be updated or harmonized for a new era of privacy policy.

Specifically, the AMIA wants a more integrated approach to how policies aimed at both the “health sector” and “consumer sector” are defined.


A patchwork of consumer and patient privacy policies already exists in healthcare, AMIA told the National Telecommunications and Information Administration this week.

The group, which exists as part of the Department of Commerce, was seeking comments about ways to simultaneously advance and protect both consumer privacy and technology innovation.

It was looking for advice around organizational transparency, user control over personal information, reasonable minimization of data collection, organizational security practices, user access and correction, organizational risk management, and organizational accountability.


AMIA told the NTIA that its comments are informed by long experience with twin healthcare policies.

“In representing the nation’s biomedical and health informatics professionals, our views are necessarily tethered to our experience with the Health Insurance Portability and Accountability Act of 1996 and the Federal Protections for Human Subjects Research, also known as the Common Rule,” AMIA CEO Doug Fridsma wrote.

“These health and research ‘sector’ specific rules dictating the data rights and responsibilities of patients, clinicians, participants, and researchers should serve as important and informative inputs to this conversation on consumer data privacy. This is not to suggest that either HIPAA or the Common Rule should apply to the consumer data ecosystem,” he explained.

Read More:  Data breach at Atrium Health impacts more than 2.6M records

“Rather, as the line between consumer and medical information systems and devices continues to blur, the administration must strive to craft concordant privacy policies across both health and consumer data ecosystems,” Fridsma added.

AMIA made the point was that differences in the interpretation of HIPAA have led to big variations in how it’s applied. The Trump administration should seek to balance the need for both process- and outcome-oriented policies, since “over-emphasis on vague or difficult-to-measure outcomes without guidance on process will result in the failings of HIPAA – wide variation in interpretation and inconsistent implementation.”

(HIPAA, meanwhile – which has been in place for more than 20 years, since the days of paper records, long predating some of the most revolutionary health and consumer technology – also seems perhaps poised for a refresh. This week, The Department of Health and Human Services’ Office of Civil Rights advanced a HIPAA request for information on to the Office of Management and Budget.)

AMIA reiterated its support for patients always having access to their data – and also advocated extending that principle to other sectors of the economy, such as consumer technology. It also asked closing regulatory gaps that endanger data privacy, such as various health-related technologies that still exist outside the scope of HIPAA.

Toward that end, it also asked the Federal Trade Commision to come up with a consumer data strategy that “supports trust, safety, efficacy, and transparency across the proliferation of commercial and nonproprietary information resources” and develop an “ethical framework around the collection, use, storage, and disclosure of the personal information consumers may provide to organizations.”

Read More:  HHS finalizes rules requiring EHR access and ending information blocking


“We applaud the administration for initiating this long overdue conversation,” said Fridsma in a statement. “Just as we strive to ensure that patients have access to and control over their data, we must strive to deliver the same for consumers. The administration should learn from the health sector and develop improved privacy policies across all sectors of the economy.”

Twitter: @MikeMiliardHITN
Email the writer:

News from