BBB National Programs to House Consumer Health Data Privacy Program
Executives for Health Innovation (EHI) has coordinated an effort to establish an organization to house a self-regulatory program to govern compliance with new consumer health data-use standards. On March 24, it announced that BBB National Programs was selected to house and run this new program.
Over the last two years, EHI and the Center for Democracy & Technology (CDT) led a process to develop a Consumer Privacy Framework for Health Data. More than 60 organizations from across the healthcare sector participated, and public comment was sought on a set of draft standards in 2020. The final Framework privacy standards, released in February of 2021, included the input of a broad range of consumer, health, technology, civil liberties, and academic organizations. The work was funded by the Robert Wood Johnson Foundation.
The organizations noted that historically, many privacy models have placed too much emphasis on individuals consenting to the use of and access to their health data and company notifications. “These outdated privacy models have failed to protect consumers and meaningfully inform them about how their data might be or is actually used,” they noted.
The Framework involves a detailed set of data use limits. It covers all information that can be used to make inferences or judgments about a person’s physical or mental health by virtue of a broad definition of “consumer health information.” It applies to all non-HIPAA-covered entities that collect, disclose, or use consumer health information, regardless of the size or business model of the covered entity.
Speaking during a March 24 webinar, Mary Engle, the executive vice president for policy at BBB National Programs, described her nonprofit organization’s mission as enhancing marketplace trust and creating a fairer playing field for businesses and a better experience for consumers. “We do that by developing and running effective third-party accountability programs in the areas of advertising, privacy and dispute resolution,” she said. “Our programs feature the characteristics that the Federal Trade Commission has identified as important for successful industry self-regulation: clear requirements, active monitoring, effective enforcement procedures to resolve conflicts, a transparent process with widespread industry participation, responsiveness to a changing market and to consumers and sufficient independent control by industry.”
Engle said BBB National Programs tailors its programs to fit the needs of particular industries and issues being addressed. For example, some programs apply standards across the board to all industry members, while others are limited to those who actively participate in the program and may include a public statement of commitment. “Our national advertising division has provided a voluntary self-regulatory forum for challenging misleading advertising, with a proven track record of advertisers removing misleading claims from the marketplace, or else being referred to the Federal Trade Commission,” she said.
“Consumer health data has long been recognized as highly sensitive and information warranting stringent protections, and yet federal law has not kept up with the spread and proliferation of this sensitive data outside the healthcare and insurance industries regulated by HIPAA,” Engle said. “With health apps, wearables and websites, this was true even before the arrival of COVID-19, but it has been accelerated by the pandemic. Now all manner of institutions — theaters, clubs, arenas, airlines — collect vaccination status, COVID exposure and other health data. The time is right to showcase one of the historic advantages of industry self-regulation, which is to act more quickly and be nimbler than government regulation can be.”
She said BBB National Programs was pleased to participate on the steering committee in developing the Framework. “And we are delighted and honored to have been selected as the organization to house the new independent accountability program for the framework. We are excited to work with EHI and other stakeholders to determine the contours of the program and the elements of accountability needed to ensure appropriate protection of consumers health data.”