Officials in the HHS office that oversees health technology have said new rules will give consumers transparency about app-makers’ privacy practices. That would give the Federal Trade Commission a role in keeping tech firms accountable — but some lawmakers say those FTC powers are inadequate. Sen Kirsten Gillibrand (D-N.Y.) recently introduced legislation to create a brand new federal agency devoted to data protection and privacy, in health and other sectors.
The increased push to let both patients and providers more easily move and share health records has been championed by White House senior adviser Jared Kushner. The president’s son-in-law has quietly helped craft the policy, which could upend the health technology sector and generate a windfall for Silicon Valley giants and startups alike.
Standing against the administration is Epic, the biggest player in health care software. The giant has bought up ads in the D.C. metro system and Reagan National Airport as one front in its campaign to delay the new policy on data sharing. And it briefly floated a lawsuit against HHS.
Central to Epic’s argument are privacy fears — and privacy and consumer advocates, hospitals and health systems are divided. Some agree the privacy challenges haven’t been thought through; others believe Epic is opportunistically trying to protect its market dominance.
The roiling privacy debate has reached within the administration, and concern within the Office of Management and Budget was one reason the rollout of the new rules was delayed, a government official and a second person familiar with the process said.
Patients already have rights to access their records, either by paper or in downloadable format, and firms like Apple have also enabled apps access to the phones. But it’s currently not as easy, affordable or complete as it should be, many patient advocates say. The new rules on patient access are part of a general push to make it easier to move data from one setting to another, known in the industry as interoperability.
Privacy hawks see an ironic threat: giving patients more control over their health data will ultimately result in them losing that very control. Once data is shared, privacy restrictions become looser, supercharging a burgeoning industry built on vacuuming up and reselling Americans’ medical information. Already, tech giants like Google and Facebook face renewed scrutiny on Capitol Hill over their use and protection of consumer data.
“This is not about interoperability — this is about having access to data,” said Jeff Chester, executive director of the Center for Digital Democracy and a prominent critic of Google. “The health data is going to give them insights into many other aspects of your life.”
Google and Apple have met with administration officials several times on the issue over the past few years, multiple sources confirmed, including a recent visit from from Google Health chief David Feinberg, who met with health officials amid an ongoing department investigation into Google’s recent patient data deal with health system Ascension Health.
The deal last year unleashed a furor from privacy hawks, lawmakers and regulators, prompting the probe over whether the partnership violates HIPAA.
HHS declined comment for specific questions about its meetings with tech firms, though Don Rucker, director of the Office of the National Coordinator for Health Information Technology, who oversees health tech in the department, confirmed Feinberg’s visit in a January speech.
Top health officials have made clear they see the regulations as a chance to dislodge health IT incumbents like Epic and jump-start what Rucker has called “new business models of health care.”