This article originally appeared in MedCity News

By Chris Bowen, Founder & CISO at ClearDATA

The current piecemeal state-by-state regulation approach is a feeble patchwork and ready for collapse under the first strong blow. It’s high time we craft a robust and uniform effort to safeguard our patients’ digital rights.

 

Finally! A consumer-centric act that prioritizes the rights and protections of individuals, ensuring data is treated with the utmost respect and care.

The healthcare industry is dominated by a constant looming threat of data breaches that prey upon and exploit our most private information. Recently the American Privacy Rights Act discussion draft — led by House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) — was put forth, and this is not just a proposed legislative shift, but a welcome call to action.

This pivotal moment challenges the healthcare and technology sectors to rise above the status quo, embracing accountability and trust like never before.

The Act aims to set a new standard for data stewardship, ensuring consumers can trust how their information is handled, especially by large technology companies that are guilty of selling and using consumer data without consent or knowledge. A National Privacy law is more than just a step forward; it’s a significant leap we should have made long ago.

Under the Act, the pillars of care — access, correction, deletion, and protection — are amplified and sanctified. At a time when healthcare organizations navigate the fine line between leveraging data for innovation and guarding against breaches that could endanger lives, this act emerges as a critical call to prioritize individual rights and protection above all else.

In healthcare, data breaches are not mere lapses in cybersecurity. They are life-threatening attacks by bad actors intent upon disrupting the healthcare ecosystem, and we must respond aggressively.

The proposed legislation

A National Privacy law arms individuals with sovereignty over their personal data and liberates healthcare entities from navigating the chaotic morass of state-specific regulations, setting a singular, stringent standard at the national level. This act espouses a philosophy that data collection should be purpose-driven, with consent as its compass. By cutting down on data collection, requiring solid consent, and putting data security first, the draft shows that privacy isn’t just a fleeting idea — it’s a real right that we all have.

What a novel concept … the Act’s provisions put in place robust frameworks that champion the principles of privacy, foster transparency, and reinforce vital privacy protocols. Compliance is not a project plan; it’s a strategic shift that requires alignment, awareness, and an unswerving commitment to patients.

The current piecemeal state-by-state regulation approach is a feeble patchwork and ready for collapse under the first strong blow, much like the vulnerability exposed by the Change Healthcare breach. It’s high time we craft a robust and uniform effort to safeguard the digital rights of every citizen across this nation.

It’s not just about checking boxes. This is about taking serious steps towards protecting our healthcare ecosystem, and most importantly, the patient.

The anticipated benefits — trust buoyed, costs mitigated, and data breaches dissuaded — are not just linear ripple effects. They serve to usher in a new attitude about privacy. One where patient safety isn’t a slogan, but something we protect passionately.

In the U.S., we should absolutely insist on our rights to privacy, not as a convenience but, as our EU neighbors have already codified, as a human right. A right that, when respected, fortifies every patient, every provider, and every institution with a foundation of trust that is unshakeable, unassailable, and unmatched in its resilience.

This legislation is a firm commitment to protect the sanctity of health and the inviolability of our privacy. I urge you to join me in support of this draft legislation, recognizing it not merely as rigid legislation, but as a living commitment to protect the sanctity of health and the inviolability of privacy.


Chris Bowen is an accomplished executive with over 20 years of experience in healthcare technology, security, and privacy. Bowen’s expertise spans multiple public cloud platforms, and he is known for his passion for protecting patient privacy and ensuring health data security. He is a sought-after speaker at national industry events and webinars on topics spanning health data security, legislation, and AI in healthcare.