Going Beyond HIPAA to Protect Health Data PrivacyAndrew Crawford of the Center for Democracy and Technology Describes Proposed Framework
A proposed privacy framework from the advocacy groups the eHealth Initiative & Foundation and the Center for Democracy and Technology aims to set standards for the collection, disclosure and use of health data that falls outside the protection of HIPAA, says attorney Andrew Crawford of CDT.
That data ranges from personal information collected from smartwatches and fitness tracking apps to geolocation information and content from websites related to health, he says.
"What we've tried to do is identify data sets that are as equally sensitive [as protected health information under HIPAA], but are housed, held and used outside HIPAA's rather strict definition," he says.
The voluntary framework would apply to entities such as application developers, IoT device makers, website developers and other companies not covered under HIPAA, he says.
"The core part of the framework is the protections around how entities collect, use and disclose this data – how they treat and handle it," he says in an interview with Information Security Media Group.
"We've really drawn a lot of tight protections around this so that the data is only going to be used for limited purposes consistent with a consumer's request and expectation."
In the interview (see audio link below photo), Crawford discusses:
- How different types of entities would potentially apply the framework;
- How this latest iteration of the framework builds upon a draft version issued last year;
- What's planned next for the proposed privacy framework.
Crawford is a policy counsel with CDT’s Data and Privacy Project. Previously, he was counsel to U.S. Sen. Chris Coons, D-Del., focusing on Judiciary Committee matters, including privacy, technology, law enforcement, nominations, immigration and telecommunications. Before that, Crawford worked in the Office of International Affairs within the U.S. Justice Department, where he assisted with criminal extraditions and international evidence sharing.