THE LAW OF MEDICAL PRIVACY IN THE USA: NOT GOOD ENOUGH FOR COVID-19
This article addresses the privacy of medical and health data in the US. It analyzes the scope and requirements of federal and state laws in the US, and it discusses the weaknesses in the US protection of medical privacy. Then, this article explains how the weak US system of privacy protection was unable to handle many important privacy issues in the COVID-19 pandemic. Finally, the article concludes with some recommendations for action.
Satariano, A, E.U. Court Strikes Down Trans-Atlantic Data Transfer Pact, New York Times, (July 16, 2020). URL: https://www.nytimes.com/2020/07/16/business/eu-data- transfer-pact-rejected.html
Schrems and Facebook Ireland v Data Protection Commissioner, (2020) CJEU Case C-311/18, Paragraph 185. URL: http://curia.europa.eu/juris/document/document.jsf?text=& docid=228677
Speech by Federal Chancellor Angela Merkel at the 49th World Economic Forum Annual Meeting in Davos on 23 January 2019. URL: https://www.bundesregierung.de/ breg-en/news/speech-by-federal-chancellor-angela-merkel-at-the-49th-world-economic- forum-annual-meeting-in-davos-on-23-january-2019-1574188
Harris, D, Contemporary Issues in Healthcare Law & Ethics (4th edition), (Chicago, Health Administration Press, 2014).
551 P.2d 334 (Cal. 1976).
National Conference of State Legislatures, Mental Health Professionals’ Duty to Warn (October 12, 2018). URL: http://www.ncsl.org/research/health/mental-health- professionals-duty-to-warn.aspx
Public Law No. 104–191 (1996).
Public Law No. 111–5, 13401, 13404 (2009).
Terry, N, Health Privacy Is Difficult but Not Impossible in a Post-HIPAA Data- Driven World, CHEST, (2014), 146(3): 835–840.
Terry, N, Big Data Proxies and Health Privacy Exceptionalism, Health Matrix, (2014), 24(1): 65–108.
Ross, C, After 9/11, we gave up privacy for security. Will we make the same trade- off after Covid-19? STAT, (April 8, 2020). URL: https://www.statnews.com/2020/04/08/ coronavirus-will-we-give-up-privacy-for-security/
45 CFR 164.512(b)(1)(i).
HIPAA and COVID-19. URL: https://www.hhs.gov/hipaa/for-professionals/special- topics/hipaa-covid19/index.html
COVID-19 and HIPAA: Disclosuresto law enforcement, paramedics, other first responders and public health authorities. URL: https://www.hhs.gov/sites/default/files/ covid-19-hipaa-and-first-responders-508.pdf
85 Federal Register 19392-93 (April 7, 2020).
85 Federal Register 22024-05 (April 21, 2020).
McCoy, M et al, Prevalence of Third-Party Tracking on COVID-19 – Related Web Pages, JAMA, (October 13, 2020), 324(14):1462–1464.
McCoy, M, T Libert, & A Friedman, Online privacy loss: another Covid-19 aftershock, STAT, (September 30, 2020). URL: https://www.statnews.com/2020/09/30/ online-privacy-loss-another-covid-19-aftershock/
New York Times Editorial Board, Privacy Cannot Be a Casualty of the Coronavirus, New York Times, (April 7, 2020), https://www.nytimes.com/2020/04/07/opinion/digital- privacy-coronavirus.html
Singer, N, and SH Choe, As Coronavirus Surveillance Escalates, Personal Privacy Plummets, New York Times, (April 17, 2020). URL: https://www.nytimes.com/2020/03/23/ technology/coronavirus-surveillance-tracking-privacy.html
De la Garza, A, Contact Tracing Apps Were Big Tech’s Best Idea for Fighting COVID-19. Why Haven’t They Helped? TIME (November 10, 2020). URL: https://time. com/5905772/covid-19-contact-tracing-apps/
Does a HIPAA covered entity that fulfills an individual’s request to transmit electronic protected health information (ePHI) to an application or other software (collectively “app”) bear liability under the HIPAA Privacy, Security, or Breach Notification Rules (HIPAA Rules) for the app’s use or disclosure of the health information it received? URL: https://www.hhs.gov/hipaa/for-professionals/faq/3009/does-a-hipaa-covered-entity-bear- liability.html
45 CFR 160.103.
Fuller, T, How Much Should the Public Know About Who Has the Coronavirus? New York Times, (March 30, 2020). URL: https://www.nytimes.com/2020/03/28/us/coronavirus- data-privacy.html
Tahir, D, and M Ravindranath, How the coronavirus is upending medical privacy, POLITICO, (April 28, 2020). URL: https://www.politico.com/news/2020/04/28/coronavirus- medical-privacy-217671
Oppel, R, et al, The Fullest Look Yet at the Racial Inequity of Coronavirus, New York Times, (July 5, 2020). URL: https://www.nytimes.com/interactive/2020/07/05/us/ coronavirus-latinos-african-americans-cdc-data.html
Public Law No. 104-191, Title II, Subtitle F, 264 (c)(1) (1996).
Litman-Navarro, K, We Read 150 Privacy Policies. They Were an Incomprehensible Disaster, New York Times, (June 12, 2019). URL: https://www.nytimes.com/ interactive/2019/06/12/opinion/facebook-google-privacy-policies.html
Singer, N, What Does California’s New Data Privacy Law Mean? Nobody Agrees, New York Times, (December 29, 2019). URL: https://www.nytimes.com/2019/12/29/ technology/california-privacy-law.html
Hecht-Felella, L, and K Mueller-Hsia, Rating the Privacy Protections of State Covid-19 Tracking Apps, BRENNAN CENTER FOR JUSTICE, (November 5, 2020). URL: https://www.brennancenter.org/our-work/research-reports/rating-privacy-protections-state- covid-19-tracking-apps
This work is licensed under a Creative Commons Attribution 4.0 International License.