Privacy and Security of COVID-19 to be Protected by Public Health Emergency Privacy Act
Democratic senators introduced the Public Health Emergency Privacy Act on January 28, 2021 in order to safeguard the privacy of Americans and see to it that data security measures are implemented so as to completely secure COVID-19 linked health data gathering for public health duties.
The Public Health Emergency Privacy Act was formulated by Sens. Mark Warner, D-Va., Richard Blumenthal, D-Conn. and U.S. representatives Anna Eshoo, D-CA., Jan Schakowsky, D-IL., and Suzan DelBene, D-WA and allows for the creation of strong and applicable privacy and data security rights for health information.
The Act will allow for stringent privacy protections to be created to ensure any health data collected for public healthcare reasons will only ever be used for that purpose which it was shared.
The Public Health Emergency Privacy Act places a limit on the use of data gathered for public health purposes to public health uses, prohibits the use of the data for discriminatory, unconnected, or intrusive reasons, and forbids government agencies that play no active role in public health from improperly using the data.
Senator Blumenthal commented: “Technologies like contact tracing, home testing, and online appointment booking are absolutely essential to stop the spread of this disease, but Americans are rightly skeptical that their sensitive health data will be kept safe and secure. Legal safeguards protecting consumer privacy failed to keep pace with technology, and that lapse is costing us in the fight against COVID-19.”
The Act states that data security and data integrity protections must be used in relation to healthcare data, for the data gathered to be kept to the minimum necessary information to achieve the purpose for which it is gathered and requires tech businesses to make sure the data is deleted once the public health emergency is ended.
Americans’ voting rights are safeguarded through not allowing conditioning the right to vote on any medical condition or use of contact tracing apps. The Act will allow Americans citizens full management in relation to their role in public health efforts by ensuring transparency and making opt-in consent a legal obligation. The Act also requires regular reports in relation to the impact of digital collection tools on civil rights.
HIPAA will not be superseded by the Public Health Emergency Privacy Act and the same is true for federal and state medical record retention and health information privacy legislation and rules.
Senator Warner said: “Strong privacy protections for COVID health data will only be more vital as we move forward with vaccination efforts and companies begin experimenting with things like ‘immunity passports’ to gate access to facilities and services. Absent a clear commitment from policymakers to improving our health privacy laws, as this important legislation seeks to accomplish, I fear that creeping privacy violations and discriminatory uses of health data could become the new status quo in health care and public health.”
The introduction of a similar legislative bill was attempted during 2020. However, on that occasion it did not win adequate congressional backing.