Archives     Advertise     Editorial Calendar      Advertiser Index     Subscribe     Contact Us    

AMA Issues New Privacy Principles

Jesse Ehrenfeld, MD, MPH

Organization Looks to Restore Trust, Power to Patients

From wearables and fitness apps to EHRs and patient portals, an individual's health data resides in a lot of different places. In the wake of rising privacy concerns, however, the American public has grown increasingly worried about how their information is used and with whom it is shared.

In response to this unease, the American Medical Association released new privacy principles in May that support an individual's right to control, access and delete personal data collected about them. Jesse Ehrenfeld, MD, MPH, immediate past chair of the AMA Board of Trustees, said it was important for the organization to take a leadership role on the topic. "Trust is a fundamental component of the physician-patient relationship. For me to provide the best care to my patients, my patients have to trust they can share information with me they might not want anyone to know," he said, adding there's only one opportunity to get it right. "Once privacy is lost, you can't get it back. Privacy has to be fiercely protected."

Rock Health and Stanford Center for Digital Health recently released a white paper outlining findings from the 2019 Consumer Adoption Survey. In its fifth year, the study highlighted another reason the AMA is well positioned to take the lead in outlining privacy expectations - physicians remain the most-trusted group when it comes to sharing health data. Even physicians, however, have seen consumer confidence slip a little over the last three years. Yet, nearly three-quarters of respondents still were willing to share information with physicians and more than half with insurance companies compared to 23 percent willing to share with health tech companies, 12 percent with the government, and only 10 percent with general tech companies.

Confidence has been shaken by a number of tech sector breaches and scandals over the last few years, said Ehrenfeld, a public health policy expert who serves as director of the Advancing a Healthier Wisconsin Endowment and maintains a faculty appointment at Vanderbilt University School of Medicine. Additionally, there is growing recognition and frustration over the tech business model that quietly collects personal data, often without consumer knowledge or consent and without the strictures that accompany HIPAA. "We fully support the right of patients to be able to access, download and share their data," Ehrenfeld stated, adding that control belongs with the individual not an entity.

To address these concerns and issues, he said the AMA Privacy Principles outline transparency expectations across five main categories - individual rights, equity, entity responsibility, applicability and enforcement.

Ehrenfeld noted part of the impetus for AMA publishing these new principles stems from the spring release of final rules on data sharing and patient control from the U.S. Department of Health and Human Services in connection to the 21st Century Cures Act and the MyHealthEData initiative. "We advocated strongly and regularly to HHS to include controls in those final rules that would promote how apps use health data and how patients can prevent an app from using their information without consent," he said. "Unfortunately, HHS didn't take any action in that final rule to promote transparency."

Ehrenfeld added, "HIPAA is a law that predates almost all modern digital technology. HIPAA does not cover data that is created or managed by a patient or third party app." Without appropriate privacy controls, he said health information collected by apps or wearable fitness trackers could be shared with an employer or added to a credit score. "Once health information goes out the door and goes to a broker, you have the perfect recipe for harmful profiling and discrimination," he pointed out.

Yet, he continued, data collection is both ubiquitous and important to optimizing care. Trackers and apps can improve activity levels, diet, hydration and disease management. Data collection can highlight risk factors, identify at-risk populations or help clarify symptoms and spread of an infectious disease like COVID-19. "The more assurances people have about how entities will use that data, the more willing society will be to use technologies - whether it's telehealth or contact tracing," he said.

"We think that having guardrails and transparency is key to building trust and not inhibiting data exchange. We want to restore confidence in data privacy, and that's what our principles are all about," Ehrenfeld concluded.

Highlights of AMA Privacy Principles

The American Medical Association detailed expectations and rights for data exchange and privacy derived primarily from policy approved by the AMA House of Delegates. In a release, AMA leadership said the goal is to create a national framework of transparency and guardrails to guide data collection, direct privacy legislation and build public trust. The privacy principles are available below.

Individual Rights: Recognition that individuals have the right to know who is collecting their data, why it's being collected, how it will be used, and what is in the information. Furthermore, the AMA calls for individuals to have control over their info unless privacy rights have been waived "in a meaningful way," the data has been appropriately de-identified, or in rare instances when a public health or safety issue warrant "limited invasions of privacy or breaches of confidentiality."

Equity: Commitment to adopting privacy protections promoting equity and justice to ensure individuals are safeguarded from discrimination, stigmatization, profiling or exploitation in the collection, processing or sharing of data.

Entity Responsibility: Expectation that all entities that maintain an individual's health information "should have an obligation or 'duty of loyalty' to the individual." With that expectation, the entity should disclose exactly what data is collected and for what purpose.

Applicability: Understanding that privacy legislation applies to all entities that "access, use, transmit and disclose data," including entities not traditionally associated with healthcare that might be outside current HIPAA regulation.

Enforcement: Recognition that individuals shouldn't be responsible for the cost of enforcement except when exercising their private right of action. Furthermore, federal privacy legislation should serve as a "floor, not a ceiling" and shouldn't weaken any state laws or regulations.


AMA Privacy Principles


Related Articles:

Recent Articles

Meharry Medical College and University of Memphis Launch PECIR Program, Driving Research Collaborations

Read More

UPDATE: UnitedHealthcare Policy on Emergency Coverage

Read More

ACEP Condemns UnitedHealthcare's New Policy to Retroactively Deny Emergency Care

The American College of Emergency Physicians (ACEP) strongly condemns the dangerous decision by UnitedHealthcare to retroactively deny emergency care claims.

Read More

Gerald E. Harmon, M.D., Inaugurated as 176th president of the AMA

Gerald E. Harmon, M.D., a family medicine physician from Pawleys Island, S.C., will be sworn in today as the 176th president of the American Medical Association (AMA), the nation's premier physician organization.

Read More

American Telemedicine Association: Policy Halftime Report As State Legislators Head Into Summer Recess

As most state legislators head into summer recess, the American Telemedicine Association (ATA) reflects on a very active first half of the year, which saw all 50 state legislatures introducing new or updated telehealth bills.

Read More

NIH-funded study tests "one-stop" mobile clinics to deliver HIV, substance use care

One of five mobile health clinics deployed for the NIH-funded INTEGRA study. Artwork for the clinic was designed by artist Shepard Fairey.

Read More

COVID-19 Pandemic Brought Changes in Cigarette Smoking: Study

Smokers who believed they were at increased risk of getting COVID-19 during the pandemic, or having a more severe case, were more likely to quit while those who perceived more stress increased smoking, according to new research published in the Journal of General Internal Medicine.

Read More

Secret Shopper Study Sheds Light on Barriers to Opioid Treatment for Women

After a 2020 Vanderbilt University Medical Center study showed women have a difficult time accessing treatment for opioid use disorder (OUD), investigators analyzed comments received from the study's participants to further shed light on barriers to care, which included everything from long on-hold times to difficult interactions with clinic receptionists during phone calls seeking appointments.

Read More

Predictive Model Identifies Patients for Genetic Testing

Patients who, perhaps unbeknownst to their health care providers, are in need of genetic testing for rare undiagnosed diseases can be identified en masse based on routine information in electronic health records (EHRs), a research team reported today in the journal Nature Medicine.

Read More

AMA Announces New Effort Aimed at Standardizing Blood Pressure Measurement Training at Medical and Health Profession Schools Across the U.S.

New e-learning modules provide consistent, evidence-based BP measurement techniques for students at health care schools nationwide--addressing gaps in current training to improve national blood pressure control rates

Read More

Email Print



AMA, AMA Privacy Policy, American Medical Association, Data Collection, Data Sharing, Jesse Ehrenfeld, Patient Privacy, Personal Health Information
Powered by Bondware
News Publishing Software

The browser you are using is outdated!

You may not be getting all you can out of your browsing experience
and may be open to security risks!

Consider upgrading to the latest version of your browser or choose on below: