August 16, Aspen, CO - CDT President Leslie Harris will deliver an opening presentation for a session titled "Intellectual Property," during the Aspen Institute's Conference on Communications Policy.
At CDT, we constantly strive to identify and promote balanced solutions to policy challenges. In the past two weeks, we pointed out flaws in several otherwise well-intentioned proposals moving through the Congress and the Executive Branch. Joined by leading conservatives, we warned that the Administration's proposed amendments to the Computer Fraud and Abuse Act should not proceed until the overbroad and vague language contained in the Act itself is fixed. We noted that the federal effort to craft a national data breach notification law to replace the current patchwork of state rules itself needs to be patched: patient health information isn't covered by any of the pending proposals. And we sought to improve a rule proposed by the Department of Health and Human Services aimed at making it easier for patients to find out who has accessed their health records.
Computer Crime Law Needs Revision to Prevent 'Gross Misuse'
Data Breach Bills Ignore Health Information
Data breach bills circulating in Congress all exclude health data. The gap may stem from legislators assuming that all health information is already protected by the federal health data privacy rules adopted under HIPAA; however, those rules only cover data held by certain entities. An increasing amount of digital health information is flowing into the hand of entities not covered under HIPAA. Some state laws requiring breach notification do cover health data regardless of who holds it, but those laws would be preempted by a federal law. As a result, if any of the data breach bills introduced in this Congress passes as currently written, a commercial entity that lost your full name and a list of your medications would not be obligated to notify you. As Congress debates and modifies the data breach bills now under consideration, CDT is working to ensure an appropriate match between the coverage of the federal law and the scope of preemption of state laws.
Good News, Bad News for Medical Record Transparency
One of the most significant and controversial measures being developed to implement the privacy and security provisions of the HITECH Act of 2009 is a proposed requirement that "covered entities"--such as hospitals and doctor's offices--provide each patient "upon request" with a report detailing who accessed that patient's medical records. While improving patients' ability to obtain a list of who has accessed and received their medical records would enhance transparency in the health care system, a goal CDT supports, the technology in use at most health care facilities likely cannot achieve the requirements of the proposed regulation without considerable burden and expense. CDT filed comments with HHS urging the department to focus on what current technology can accomplish and to build a long-term transparency strategy that benefits patients without overburdening health care organizations.
CDT Chief Computer Scientist Alissa Cooper gives a first hand account of the recent meeting of the Internet Engineering Task Force, one of the key technical standards bodies for the Internet. More than 1,200 engineers gathered to tackle some of the most daunting challenges in network engineering. One theme seemed to permeate the meeting: privacy.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.