Congress is seeking more information from a proposed rule from HHS that would allow third-party vendors to have access to patient data in order for consumers to view and access their own personal health information. The proposed rule has been touted by CMS as a means for patients to be emboldened with more information to make decisions about their healthcare.
Senator Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus, wrote HHS Secretary Alex Azar urging CMS to consider additional steps to address “the potential for misuse” of patient data and accessibility. While Warner agreed with the goals of CMS to improve interoperability, he warned of the risks of using third-party vendors to improve access.
“As I have stated repeatedly, third-party data stewardship is a critical component of information security, and a failure to ensure robust requirements and controls are in place is often the cause of the most devastating breaches of sensitive personal information,” Warner wrote.
He also stressed the importance of safeguards to protect patient privacy in his letter and outlined several standards.
CMS proposed the rule in February and expect it will 125 million patients overall. The rule, which would take effect in 2020 as proposed, would give patients access to electronic health information at no cost and require healthcare providers to give patients this access digitally through application programing interfaces (API).
Warner’s letter comes at a time when other digital privacy concerns have also called Congress attention. A project between Google and Ascension, the nation’s largest Catholic health system, gives Google access to the health information of tens of millions of Ascension members for an EHR pilot. The House Committee on Energy and Commerce recently asked both companies to provide briefings on the project, which was revealed by The Wall Street Journal, by Dec. 6 and answer several privacy questions.