Health Affairs, December 12, 2019
Over the past 10 years, US health care has gradually shifted toward digital record keeping in the professional realm—the world of hospitals, health plans, and physician practices. That transition occurred under the umbrella of privacy and security rules rooted in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a law that predates most modern online and mobile services and explicitly excludes health information created or managed by patients themselves. As federal and state lawmakers look to revamp privacy rules, this post outlines a proposal to adapt and extend the familiar HIPAA framework, and some of the fiduciary principles embedded in that framework, for a new era of digital-first health care. We suggest that Congress could enact a package...