We recently discussed the healthcare industry's unprecedented profusion of advanced technologies amidst the pandemic. Such technologies primarily include the expansion of telehealth across the nation and complex advancements to the nuanced roles of artificial intelligence, analytics, and biometrics to improve the integrity of electronic health records (EHR). Under the Biden Administration, we anticipate a push for stricter federal privacy legislation favoring consumer and patient rights, mirroring the California Consumer Privacy Act (CCPA).

Why Healthcare Employers Across The Country Should Look To California

Considered the most expansive privacy regulations in the United States, the CCPA, effective January 1, 2020, requires employers meet specific criteria regarding data security to safeguard individual privacy rights, bestowing control to consumers and employees over personal information collected. With the control of the Senate undecided at this time and thus the future of federal privacy legislation muddled, a number of CCPA-inspired bills are pending at the state level, potentially creating conflicting obligations for multistate employers.

While healthcare employers are no strangers to stringent privacy laws – notably, HIPAA – it is important that the industry remain vigilant in the protection of patient data. This necessarily includes proactive monitoring of changing federal employer obligations under the new administration, which is further complicated by the volatility of the pandemic’s impact on the practice of medicine.

The Proliferation Of Telehealth Was A Game-Changer

Over the spring and summer, driven by telehealth’s unique ability to deliver contactless and efficient patient care, we saw the relaxation of HIPAA’s regulatory hurdles by the Center for Medicare and Medicaid Services (CMS) and the Office of Civil Rights (OCR). For example, the OCR temporarily lifted penalties for non-HIPAA compliant virtual communication technology if rendered in good faith during the public health emergency.

As guidance to permanency is outstanding, Democrats introduced the Exposure Notification Privacy Act, garnering initial bipartisan support. The Act, still pending approval in Congress, would mandate that providers using telehealth services or other advanced modalities storing EHR to analyze patient data – examples of which include patient data used in COVID-19 exposure notification systems – obtain patient consent for the specific utilization of said data.

The pending Exposure Notification Privacy Act specifically addresses security of patient data implicated by the proliferation of complex technologies unique to the healthcare industry during the pandemic. However, as the advent of the Biden Administration is imminent, Democrats have introduced further privacy legislation establishing new transparency and data access requirements across industries at the federal level. Whether we see movement at the federal or state level, the next four years will certainly bring about more changes for healthcare employers in the area of privacy rights and data security.

Conclusion

Accordingly, as we enter the Biden administration in the age of booming technologies across industries, including the unexpected advent of telehealth during the pandemic, it is imperative to stay up-to-date on the intersecting myriad of state and federal law relating to privacy and data protection.