
AHIP Outlines Priorities and Roadmap for Protecting Privacy and Security of Consumer Health Information

Press Release

Published Feb 9, 2022 • by AHIP

WASHINGTON, D.C. – (February 9, 2022) – Today, AHIP’s Board of Directors and its Chief Medical Officers leadership team released core guiding priorities and a detailed roadmap to further protect the privacy, confidentiality, and cybersecurity of consumer health information. Health insurance providers have long been leaders in developing privacy, confidentiality, and cybersecurity practices to protect personal health information. These priorities reaffirm that commitment while offering a path forward for legislators and regulators to keep Americans’ health data secure and provide them with actionable health information.

“It is essential that every American is confident that their personal health information is private and protected – no matter who holds it,” said Matt Eyles, AHIP President and CEO. “Health insurance providers have long been committed to instituting privacy and cybersecurity practices to protect every individual’s personal health information – from employer-provided coverage to the individual market, from Medicare Advantage to Medicaid managed care. As new technologies emerge and the health care system continues to evolve, these priorities reaffirm AHIP and our members’ commitment to enhancing patients’ access to actionable health information while keeping their personal data secure. And by following the roadmap laid out by our industry’s leading experts, we believe that legislators and regulators can help give Americans the peace of mind they deserve.”

AHIP’s Chief Medical Officers emphasized that new technologies – including telehealth, apps, and other digital health care services – should be subject to the Health Insurance Portability and Accountability Act (HIPAA) or similar requirements. They also advised that HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act and corresponding regulations should remain the primary legal framework for protecting Americans’ health information.

In outlining these pieces today, AHIP is stating unequivocally that Americans deserve better access to personalized, actionable health care information to empower them to make more informed decisions in a way that protects their privacy, confidentiality, and security.

The AHIP Board of Directors released the following set of core guiding priorities for helping secure vital patient data:

  • Every person should have access to their data and be able to easily know how their health information may be shared. Consumers should be informed in a way that is clear, concise, and easy to understand about how to access their personal health information and how it could be used and disclosed. Health insurance providers should seek new solutions to provide consumers with more options about how their information is shared.
  • Personal health information should be protected no matter who holds the data. As health and health-related data become more interoperable, entities that collect, use, store, or disclose consumer health information should be required to comply with HIPAA or new HIPAA-like protection requirements.
  • Demographic data should be leveraged to improve health equity and outcomes. Demographic data such as race, ethnicity, religion, sexual orientation, gender identity, and disability status should be used to promote individual and public health initiatives, including addressing health disparities. Demographic data should not be used to discriminate against any individual or group of individuals.
  • Entities offering digital tools should be required to embed consumer privacy and security protections within those tools. Defining a federal approach for privacy and security can help ensure consistent protection of health information in a variety of situations and avoid a patchwork approach that results in gaps and vulnerability.
  • The commercial sale of identifiable health information should be prohibited without the agreement of the individual. Identifiable data cannot be sold under HIPAA. Digital tools not subject to HIPAA should be subject to similar robust privacy law ensuring a consumer’s identifiable data cannot be sold without express consent beyond the initial “click box” terms and conditions.

The AHIP Chief Medical Officers leadership team also released a roadmap for legislators and regulators for medical health coverage. The topline points follow below:

  • HIPAA or similar requirements should be expanded to entities that collect, use, disclose, or store individuals’ health and health-related information but are not currently subject to the rigorous privacy or security parameters that our industry requires.
  • Individuals should have access to their health data and be able to easily know how their health information may be shared.
  • Privacy requirements governing private entities should support digital platforms and telehealth in a way that promotes the privacy and security of information exchanged.   
  • Privacy requirements should evolve to better support public health requirements.   
  • The commercial sale of identifiable health information should be prohibited without the agreement of the individual.
  • The United States should have a national privacy and security approach for health information. 
  • Laws and regulations and resulting costs should be analyzed with any resulting benefits before new or changing administrative, technical, and physical policies or controls are implemented.
  • Government policies should recognize that, as an industry, health insurance providers have continued to invest in and adhere to strong cybersecurity practices and policies.
  • Consumer demographic data should be used to reduce disparities and improve outcomes. Data should not be permitted to be used to discriminate.
  • The Federal Trade Commission should work on guidance addressing these priorities to the extent they have authority and seek authority from Congress where needed.

About AHIP

AHIP is the national association whose members provide health care coverage, services, and solutions to hundreds of millions of Americans every day. We are committed to market-based solutions and public-private partnerships that make health care better and coverage more affordable and accessible for everyone. Visit to learn how working together, we are Guiding Greater Health.