Promoting Health Privacy in a Digital World
CareFirst is committed to providing consumers with the best service while protecting their information and respecting their right to privacy. Consumers entrust us with their personal and medical information. We take protecting that information seriously.
Recognizing the importance of the privacy of Americans’ health information, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996. Since then, HIPAA has become the cornerstone of privacy and data security in the healthcare industry. While a lot has changed since 1996, the regulatory framework established under HIPAA continues to provide essential consumer privacy protections by holding health insurers and healthcare providers countable.
Policymakers can do more to protect consumer privacy while promoting innovation:
HIPAA provides strong consumer protections for data controlled by Covered Entities and their Business Associates. With more sensitive health information being collected, used and stored by entities not subject to HIPAA, Congress should expand HIPAA or apply similar requirements to these entities.
Innovation in interoperability standards can enable the secure and fast sharing of clinical and billing information that would transform the healthcare industry. Greater interoperability of patients’ health data can improve the quality-of-care consumers receive, reduce overall healthcare costs and advance health equity.
While disclosing certain types of information can be helpful to consumers, other types can pose risks to consumers. Policymakers should consider the risks to consumer privacy when mandating specific disclosures and opt for the minimal amount of disclosure possible.
The COVID-19 pandemic pushed the rapid adoption of technology in the healthcare sector. Policymakers should continue to support policies and programs that promote telehealth and other technologies that improve consumer access to high-quality care and reduce costs while ensuring privacy is protected.
Consumer data is essential to improving health outcomes and reducing disparities. Policymakers should support the use of demographic information to improve the health of individuals, reduce inequalities and advance public health. Data should not be used in a discriminatory manner.
members entrust CareFirst with their data.
HIPAA Does
- Require covered entities and their business associates, including providers, health plans, and clearinghouses to protect health data they collect.
- Give patients control over their health information, including rights to know how their information is used and to examine and correct health records.
- Limit how covered entities can use and disclose health records, including prohibiting the sale of identifiable health data.
HIPAA Does Not
- Protect all health data.
- Cover all data collected by websites, search engines, smart devices and health apps.
- Prevent individuals from sharing their own medical information with friends, family or the public.
92 %
of people believe privacy is a right and their health data should not be available for purchase by corporations or other individuals. (AMA Survey)
believe stronger protections of privacy are more important than easier access to health data. (AHIP Survey 2020)
in Medicare visits conducted via Telehealth in 2020, going from approximately 840,000 to 52.7 million according to the ASPE.