Health Information Compliance Alert

Published on Tue May 19, 2020 PDF

Senators worry new technologies can infringe on privacy rights.

Researchers around the globe are harnessing patients’ data to combat COVID-19. The feds want to ensure that consumers’ privacy isn’t being trampled in the process.

Context: With geolocation applications all the rage in coronavirus times, some legislators believe there’s a need to rein in tech companies, researchers, and clinicians. On April 30, U.S. Senators Roger Wicker (R-Mississippi), John Thune (R-South Dakota), Jerry Moran (R-Kansas), and Marsha Blackburn (R-Tennessee) introduced plans for a COVID-19 Consumer Data Protection Act.

The announcement clarifies that the senators agree that big data can help track COVID-19 patients and “flatten the curve,” but that research shouldn’t come at the expense of citizens’ security. “The legislation would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data,” explains a U.S. Senate Committee on Commerce, Science, and Transportation release. “The bill would also hold businesses accountable to consumers if they use personal data to fight the COVID-19 pandemic.”

Tech Giants Work Together on Proximity Apps

It’s not surprising that the senators’ dispatch comes on the heels of another major release from the tech world. On April 10, the twin titans of Silicon Valley, Apple and Google, announced they are working in tandem to develop programs to utilize tracking technology to thwart the spread of the virus.

“Across the world, governments and health authorities are working together to find solutions to the COVID-19 pandemic, to protect people and get society back up and running,” said Apple and Google in a joint release. “Software developers are contributing by crafting technical tools to help combat the virus and save lives,” they say.

The tech innovators added, “In this spirit of collaboration, Google and Apple are announcing a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design.”

Check Out the Feds’ Reasoning

In their announcement, the senators acknowledge the importance of these types of new technologies. In fact, they all agree that tech may be a key factor in battling the pandemic.

We are using technology more than ever before while social distancing across the nation, indicates Blackburn. However, she and her senatorial cohorts argue that tracking applications shouldn’t infringe on patients’ rights, and that’s where the regulatory efforts come into play.

“It is paramount that as tech companies utilize data to track the spread of COVID-19, Americans’ privacy and security are not put at risk,” Blackburn says. “Health and location data can reveal sensitive and personal information, and these companies must be transparent with their users.”

Here’s What the Bill Might Entail

If the bill comes to fruition, it will apply to individuals and entities regulated by the Federal Trade Commission (FTC) and require them to get consent for using peoples’ locations and health information to track COVID-19. Plus, the regulations would run concurrently with the timeline of the public health emergency (PHE) and be in effect through its duration, the release suggests.

Specifically, the legislation pertains “to precise geolocation data, proximity data, and personal health information when collected, processed, or transferred for a ‘covered purpose,’” explains Boston-based attorneys Cynthia J. Larose and Christopher J. Buontempo with Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. in online analysis.

Extra work: “Covered entities (CEs) would be required to comply with the bill,” too, indicate Larose and Buontempo.

For example, when CEs collect, process, or transfer an individual’s “covered data” to “track the spread, signs, and symptoms of COVID-19” or “measure social distancing” within a locale’s guidelines, those actions would fall under the jurisdiction of the bill’s requirements, Larose and Buontempo advise.

In addition, the legislation would mandate that organizations do the following for consumers:

• Provide opt-out clauses.
• Convey privacy policies.
• Publish transparency reports.
• Create data security protocols.
• Delete or de-identify data when the COVID-19 PHE ends.
• Put state attorneys general in charge of enforcing the act.

Resource: Review the Senate release at www.commerce.senate.gov/2020/4/wicker-thune-moran-blackburn-announce-plans-to-introduce-data-privacy-bill.