AMA Shares Privacy Principles for Non-HIPAA Covered Entities, Data
The American Medical Association unveiled a set of privacy principles for non-HIPAA covered entities, designed to empower consumers with more control over the health data collected about them. AMA will leverage the insights to engage the administration, Congress, and other industry stakeholders.
Enacted in 2009, HIPAA does not apply to several key instances of health data generated in the modern digital age. For example, the Department of Health and Human Services has clarified that protected health information shared with a third-party app chosen by the patient is not covered by HIPAA.
More specifically, “If the individual's app – chosen by an individual to receive the individual's requested ePHI – was not provided by or on behalf of the covered entity (and, thus, does not create, receive, transmit, or maintain ePHI on its behalf), the covered entity would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app.”
In light of these gaps in HIPAA, Congress and industry stakeholders have...