The U.S. Department of Health and Human Services (HHS) has said it will allow the use of a new type of health data service, the HIPAA-compliant Health Data Exchange (HDE), to allow companies to collect and share medical and behavioral data from their customers.
This is a major step forward in improving the privacy and security of data, according to privacy advocate Peter Thiel, CEO of cybersecurity firm CrowdStrike, who said the change will allow people to be confident that their health information is secure and that companies are following HIPAA privacy standards.
“The HIPAA Privacy Rule is a landmark rule that says we are not supposed to collect data from people that aren’t supposed to be,” Thiel said in an interview with Vice News.
“HIPAA says that we are supposed to use the information that we collect to protect the privacy of individuals and to make sure that it’s not used against them.”
While some of the main privacy concerns around HIPAA have focused on data collection, such as data retention, privacy advocates have been more concerned with the use and dissemination of personal health information, which can be used to identify individuals with serious illnesses or even for fraud, according, Thiel said.
Companies have been able to use data collected from their users to create “persona management systems” that are used to help people manage their medical information and identify themselves to insurance companies, he said.
This could lead to more people being enrolled in insurance plans or receiving medical services, he noted.
“If you go to an insurance company, the first thing they want to do is see how well you’re doing, so they can try to figure out who you are and who your family members are, and they can then figure out how to get you to enroll,” he said, adding that the data could also be used for marketing purposes, such in health care billing.HIPPA allows health data to be collected through a process called “medical record linkage,” which allows individuals to share their medical records with other individuals, including doctors, dentists, and other health professionals.
The law allows companies to share health information without disclosing that it could be used by a third party, though privacy advocates say that disclosure is a necessary step to make this data available.”HIPA protects the privacy rights of individuals without making it mandatory,” Thiel explained.
“You can be your own data broker.”
He said that it would be more useful to use this data to create health care tools that would allow people access to more medical information.
“You can get a little more granular about how your health is measured and what your blood pressure is,” he added.
“And you can get more detailed about what medications you take and the types of diseases that you have.”
“If they can’t do that, they should be able to do that,” he continued.
“That’s the big point.
You don’t need to do it to collect all this data.
It’s just to be able make better health decisions.
I think that’s the bigger problem with this whole idea of privacy, is that it gives companies a free pass to do what they want.
That’s a dangerous way to do things.””
You’re not really trying to protect people, you’re trying to make money,” he concluded.
“It’s a good idea to have a health care system that’s safe, but at the same time, it’s a free-for-all.”
“The real reason for HIPAA is to keep people from doing the same thing again, again,” Thiel added.