A hearing by the House Energy and Commerce Subcommittee on Innovation will be held Wednesday to discuss new legislation to protect patient privacy, giving Americans the authority to access and delete personal data being housed by companies.
The bipartisan American Privacy Rights Act (APRA) is written to give patients property rights over much of their data. While the legislation is far from finalized and has only just been drafted, ARPA would specifically give consumers control over data that falls outside of the purview of the Health Insurance Portability and Accountability Act (HIPAA).
While that excludes a lot of data, such as provider medical records, it would cover the growing amount of data from smartphone apps, consumer health devices, chatbots, webforms and potentially a lot more.
For now, HIPAA-covered organizations, such as hospitals and health systems, are exempt from the legislation. However, ARPA would empower the FTC to have more regulatory authority over patient data and, ideally, could improve transparency for consumers over what data is being gathered and shared between technology companies—including social media platforms—and healthcare entities.
Some states, such as California and Virginia, already have certain data privacy protections in place for their residents. It isn’t yet clear how ARPA would interact with those laws and if carve outs will be made for states to regulate healthcare data themselves. The latest draft, however, seems to set a floor that would allow Congress or state governments to enact stricter controls on data gathering, sharing, access and use.
The growing influence of AI algorithms is also addressed in ARPA . Privacy concerns surrounding AI algorithms that leverage data to influence consumer behavior will likely be regulated by the bill. As currently written, ARPA will improve transparency over how these algorithms work and restrict the data they can gather without consumer knowledge. However, the bill is expected to change before it is put on the floor for a vote, if that happens at all.
The hearing comes after a high-profile breach at Change Healthcare that could be big enough to have exposed personal data from most of the public.