Expand patient mental health data privacy protections
Recommendation
Congress should expand patient data privacy protections for mental health and wellness applications.[1]
Background/summary
Patient privacy concerns are rising with expanded access to and use of mental health and wellness applications.[1][4] The Health Insurance Portability and Accountability Act of 1996 (HIPAA) prohibits protected health information from being disclosed without an individual’s consent or knowledge.[3] However, the law applies only to health data and mobile applications connected to medical providers, health insurers, or their business associates.[1] HIPAA does not regulate wellness or mental health applications not associated with these kinds of healthcare entities, leaving healthcare consumers and their data potentially unprotected.[1]
While the Office of Civil Rights (OCR) offers HIPAA compliance guidance for mobile health (mHealth) developers,[2] there’s a need for more rigorous oversight and regulation. Individuals using mobile applications must be made aware if their information is not protected and have the ability to consent to have their information shared.[1] Ultimately, Congress should ensure data collected by mobile health and wellness applications are protected under HIPAA.[1]
Citations
1. Bipartisan Policy Center. Tackling America’s Mental Health and Addiction Crisis Through Primary Care Integration. Last Updated March 2021.
2. U.S. Department of Health and Human Services. Resources for Mobile Health Apps Developers. Last Updated December 6, 2022.
3. U.S. Department of Health and Human Services. Summary of the HIPAA Privacy Rule. Last Updated October 19, 2022.
4. Zarefsky, Marc. Privacy Concerns Grow as More Health Data Goes Mobile During Pandemic. American Medical Association. Last Updated February 18, 2022.