Following conversations in Washington and state capitals, the American Telemedicine Association published its new Health Data Privacy Principles this week. 

They're meant to address concerns about state privacy laws governing consumer health data, according to ATA, which is urging policymakers to ensure conditions that stimulate innovation and advance patient access to virtual care.

WHY IT MATTERS

The ATA's chief concern in publishing the data privacy principles is helping ensure that patient rights are consistent nationally without worry that states might have different rules.

State laws and policies should also define consumer health data with the uniform language defined as protected health information under HIPAA, the group said in its announcement this week.

"State consumer privacy laws should be consistent with and not exceed HIPAA’s standards to the greatest extent possible, to ensure that patient protections are not contingent on whether the entity is HIPAA-covered," said ATA officials.

"What this signifies is the consensus perspective on these issues from the perspective of the telehealth community," Kyle Zebley, ATA's senior vice president of public policy, told Healthcare IT News on Thursday. 

ATA, which represents the full range of providers that deliver telehealth, has intervened with some states as they grapple with health data privacy legislation, he said. 

The new principles are the basis from which the organization will engage with state legislatures looking at telehealth data privacy and federal agencies – such as the Federal Trade Commission – taking on pieces of consumer privacy as it relates to telehealth.

Even with the pandemic, telehealth is relatively new to so many people, including the policymakers and communities thinking about expanding telehealth access.

"Telehealth is healthcare and it should not be segmented, segregated, separated or considered out of contact from the rest of the U.S. healthcare delivery system," Zebley said. "Let's apply tried-and-tested principles of the oversight and regulation of healthcare as we would for in-person care, as we think about how we get telehealth more integrated into that overall U.S. healthcare system."

Key components of the ATA's Health Data Privacy Principles include:

• Consistency.
• Definition of Consumer Health data.
• Health Insurance Portability and Accountability Act.
• Consumer Rights.
• Consumer Consent, Sale of Data & Opt-Out.
• Enforcement.

THE LARGER TREND

For 30 years the ATA has advocated on behalf of telehealth providers. Earlier this year, ATA and ATA Action led a groundswell of commentary on the U.S. Drug Enforcement Administration's proposed permanent changes to the e-prescribing of controlled medications at the close of the COVID-19 national public health emergency.

The telehealth organization made comments that the DEA should maintain mechanisms that prevent drug diversion, and at the same time ensure patients do not lose access to necessary treatments. 

ATA was a staunch advocate for leveraging the electronic prescribing of controlled substances in brick-and-mortar healthcare delivery channels that are used to determine the legitimacy of a prescription for telehealth providers. Citing the lack of a controlled substance registration process for telehealth providers as a missed opportunity, the telehealth industry appears to have been heard.

The DEA may be putting a telehealth controlled substance registry on the table in holding listening sessions in September.

ON THE RECORD

"The ATA supports efforts to ensure telehealth practices meet standards for patient safety, data privacy and information security while advancing patient access and building awareness of telehealth practices," Zebley said in a statement Monday. "The ATA and the ATA’s data work group believe that the protection of patient data is a prerequisite for connected care and a core principle for our organization."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.