DIGITAL HEALTH PRIVACY: OLD LAWS MEET NEW TECHNOLOGIES
By Reece Hirsch and Jenny Harrison1
When the Health Insurance Portability and Accountability Act ("HIPAA") was enacted in 1996, the smart phone was not even a gleam in Steve Jobs’ eye, and mobile health apps and cloud computing did not exist. Even though the primary regulations implementing and amending HIPAA became effective in 2003, 2005, and 2013, regulators and lawmakers continue to play catch-up, striving to apply HIPAA’s regulatory framework to an ever-evolving technology landscape.
Recent years have seen the proliferation of devices and applications that permit consumers to create, store and share health information like never before, from activity trackers to personal health records ("PHRs"). This type of information, which exists outside the traditional medical record maintained by healthcare providers, is often referred to as "consumer-generated health information" ("CHI"), and it has caught the attention of the regulators.2