Update:

v26 Labs will be participating in a meeting with the Office of Management and Budget (OMB) in Washington D.C. The meeting is being held on February 20, 2020 at 3:00PM, EST. We look forward to this opportunity to advocate for the free exchange of data, but with patient privacy at the center. 

 

Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA


U.S. Department of Health and Human Services, June 17, 2016


"Organizations that are not regulated by HIPAA, the FTC, or state law may collect, share, or use health information about individuals that may put such data at risk..." 


"Health information collected in more places without consistent security standards may pose a cybersecurity threat." 


"[I]ndividuals may inadvertently consent to unanticipated types of information sharing and use by [non-covered entities] collecting their health information" 

v26 Labs Position Statement on ONC Interoperability Rule

As ethical hackers specializing in healthcare, it is in our DNA that patients should be given free access to their healthcare data. With that in mind, we also believe that patient privacy should be protected at all cost. v26 Labs is committed to the protection of patient health data. 


As supporters of free access to information, we stand with our partners and recommend that the proposed rules for low-cost information sharing should be implemented. However, it is our strong position that certain changes should be implemented first and without delay.


What patients may not understand going forward is that many third-party application developers are non-HIPAA entities, and therefore patient data that is being shared is not covered under HIPAA privacy rules and legal protections. Once patient information is shared without HIPAA protections, it will be next to impossible for that data to be recovered and once again be made private.  


It is our position, therefore, that the rules be implemented only when they are fully covered under HIPAA protection.


We encourage the ONC to continue privacy practice assessments, and we will continue to make recommendations to improve security, such as the use of multi-factor authentication and legal privacy protection under HIPAA.