A group of Democratic Senators and Congressional members proposedlegislation meant to tackle the privacy and security issues tied to technologies used for the COVID-19 response, including contact tracing apps, digital monitoring tools, and vaccine appointment scheduling apps.
The bill is designed to tackle a key issue posed by many of these third-party apps: the majority do not fall under HIPAA. The Office for Civil Rights also recently applied enforcement discretion for web scheduling apps not covered by HIPAA, to expedite adoption and support the vaccine rollout.
The concern is that the number of cyberattacks on healthcare web apps has increased by 51 percent since the start of vaccine distribution. And the majority of COVID-19 sites are plagued with third-party tracking, which poses massive privacy risks.
The proposed legislation aims to tackle these privacy and security concerns through strong and enforceable privacy and data security rights for health information. As previously reported, many consumers are reluctant to use the tech necessary to stymie the spread of the COVID-19—although its use is crucial to an effective response.
If passed, the bill would ensure data collected for public health purposes is limited to that specific use case and explicitly prohibits the use of public health data for discriminatory, unrelated, or intrusive purposes, such as advertising, e-commerce, or efforts to bar access to educational or financial opportunities, among others.
The legislation also seeks to prevent the potential misuse of health data by government agencies with no role in public health, while requiring meaningful data security and integrity protections, like data minimization and accuracy.
Compliance & Ethics