ADA replies to Senate request for information on HIPAA
Association urges caution for new regulation, compliance training funding
The ADA responded to a request for information from Sen. Bill Cassidy, R-La., Ranking Member of the Senate Health, Education, Labor, and Pensions Committee, about how to secure health data not currently protected by the Health Insurance Portability and Accountability Act amid the advancement of health care technology.
“America’s dentists make patient data privacy a priority in their practices every day and welcome your interest in how data privacy can continue to be protected from emerging threats,” reads a letter signed by ADA President George R. Shepley, D.D.S., and Executive Director Raymond A. Cohlmia, D.D.S.
The ADA’s response urges Congress to avoid new regulations that would “further burden” small businesses like dental practices, most of which cannot hired staff needed for new compliance concerns. Mr. Cassidy’s RFI focused on five different categories, with the ADA responding to multiple questions within each category.
In response to general privacy questions, the Association called on Congress to provide transparency for consumers on what is and is not covered by HIPAA as well as privacy warnings for health products collecting data not governed by HIPAA.
The response also asks Congress to clarify HIPAA’s “confusing and sometimes conflicting” privacy requirements for the disclosure of substance abuse-related patient records.
“We urge Congress to work with [The Department of Health and Human services] to clarify and better align … confidentiality and privacy requirements with HIPAA.”
In response to questions about Health Information Under HIPAA, the Association urged Congress to not only provide funding for training of compliance staff when placing new “compliance burdens” on health care providers, but also to create an exception under HIPAA that allows dentists to disclose patient information in response to online reviews without violating the HIPAA and Federal Trade Commission regulations.
“Allowing dishonest and unfair reviews to go without response because of privacy regulations negatively impacts the health of patients and consumers seeking trustworthy information about where to seek care,” the letter states.
In response to questions about the collection of health data, the ADA said that while it supports Congress determining how to regulate non-HIPAA covered data, the need to regulate must be balanced by “limiting the burden of HIPAA compliance on dentists and patients.”
The RFI also focused on regulation of artificial intelligence, and the Association responded to questions about the privacy challenges and benefits of AI, implementing privacy by design into AI-enabled software and the idea of patients opting out of datasets used to inform algorithmic development. The Association stated that developers must be transparent in their use of AI and “facilitate for providers an efficient mechanism for a patient to give informed consent or opt out of their data being used for algorithmic development.”
Finally, the enforcement section of the RFI touches on the role of federal agencies in safeguarding health data. The ADA encouraged Congress to simplify the burden of compliance due to the “complexity of the legal and regulatory framework for HIPAA enforcement.”
For more information about all the ADA’s advocacy, issues, visit ADA.org/Advocacy.