BBB National Programs to Host Consumer Health Data Privacy Program


Executives for Health Innovation (EHI) coordinated an effort to establish an organization to house a self-regulatory program to govern compliance with new standards for the use of consumer health data. On March 24, he announced that BBB National Programs had been selected to host and manage this new program.

Over the past two years, EHI and the Center for Democracy & Technology (CDT) have led a process to develop a consumer privacy framework for health data. More than 60 organizations from across the healthcare sector participated and public feedback was sought on a set of draft standards in 2020. The framework’s final privacy standards, released in February 2021, included input from a broad range of consumer, health, technology, civil liberties and academic organizations. The work was funded by the Robert Wood Johnson Foundation.

Organizations noted that historically, many privacy models have over-emphasized individuals’ consent to use and access their health data and company notifications. “These outdated privacy models have failed to protect consumers and meaningfully inform them about how their data could be or is actually being used,” they noted.

The framework involves a detailed set of data usage limits. It covers all information that can be used to make inferences or judgments about a person’s physical or mental health under a broad definition of “consumer health information”. It applies to all non-HIPAA-covered entities that collect, disclose, or use consumer health information, regardless of the size or business model of the covered entity.

Speaking in a webinar on March 24, Mary Engle, executive vice president of policy at BBB National Programs, described her nonprofit’s mission as building market confidence and creating a fairer environment for businesses and a better experience for consumers. “We do this by developing and managing effective third-party liability programs in the areas of publicity, privacy and dispute resolution,” she said. “Our programs exhibit the characteristics that the Federal Trade Commission has identified as important for successful industry self-regulation: clear requirements, active oversight, effective enforcement procedures for resolving disputes, a transparent process with broad participation industry, responsiveness to a changing market and consumers and sufficient independent monitoring by industry.

Engle said BBB National Programs tailors its programs to the needs of particular industries and the issues being addressed. For example, some programs apply standards to all industry members, while others are limited to those who actively participate in the program and may include a public statement of commitment. “Our National Advertising Division has provided a voluntary self-regulatory forum for challenging misleading advertising, with a proven track record of advertisers removing misleading claims from the marketplace or otherwise being referred to the Federal Trade Commission,” she said. declared.

“Consumer health data has long been recognized as highly sensitive and the information warranting strict protections, yet federal law has failed to keep up with the spread and proliferation of this sensitive data outside of the health and medical sectors. HIPAA-regulated insurance,” Engle said. “With health apps, wearables and websites, this was true even before COVID-19 arrived, but it has been accelerated by the pandemic. Now, all kinds of institutions — theaters, clubs, arenas, airlines — are collecting vaccination status, COVID exposure, and other health data. Now is the time to highlight one of the historical advantages of industry self-regulation, which is to act faster and be more nimble than government regulation can be.

She said BBB National Programs were excited to participate on the steering committee in developing the framework. “And we are thrilled and honored to have been chosen as the organization to host the new Independent Executive Accountability Program. We are excited to work with EHI and other stakeholders to determine the contours of the program and the elements of accountability necessary to ensure appropriate consumer health data protection.


Comments are closed.