
What the newly proposed Health Data Use and Privacy Commission Act means to you

Two U.S. Senators recently introduced the Health Data Use and Privacy Commission Act. The new legislation aims at modernizing health data privacy laws such as HIPAA. The U.S. Health and Human Services (HHS) enacted the Health Insurance Portability and Accountability Act of 1996 to protect the rights and privacy of patients.

And while updates occur, none so far effectively address emerging technologies. A new update to HIPAA can only be beneficial for healthcare covered entities and their patients, especially because an important facet of HIPAA is safeguarding patients’ protected health information (PHI), something that must match the technological advances being made today.


A HIPAA refresher

HIPAA protects the rights and privacy of patients and combats fraud and abuse related to PHI.


HHS’ Office for Civil Rights regulates and enforces the act, which consists of five sections (or titles). Most referenced is Title II as it sets the policies and procedures for safeguarding PHI, whether in paper or electronic (ePHI) form. Updates to Title II include:



Understanding and implementing these guidelines is fundamental to avoiding breaches and HIPAA violations and properly reporting problems.


The Health Data Use and Privacy Commission Act

Introduced by U.S. Senators Tammy Baldwin (D-WI) and Dr. Bill Cassidy (R-LA), the Health Data Use and Privacy Commission Act brings HIPAA up to speed. In the 25 years since HIPAA was enacted, the healthcare industry has welcomed technological innovations.

Unfortunately, the existing legislation does not fully address emerging technologies, including smart or IoT (Internet of Things) devices (e.g., medical IoTs) as well as cloud technology.

Baldwin and Cassidy’s act establishes a commission to review existing PHI protections and current use and disclosure practices. The commission will draft recommendations and conclusions and convey its findings to Congress and the President within six months.

The final report should address:


  • Potential threats to individual privacy and business/policy interests
  • The purpose of some PHI use and disclosure
  • The effectiveness of existing legislation
  • Suggestions on reforming current laws and regulations
  • Costs and burdens of making updates
  • Possible non-legislative solutions
  • A review of third-party compliance requirements


According to Cassidy in a press release, “As a doctor, the potential of new technology to improve patient care seems limitless. But Americans must be able to trust that their personal health data is protected if this technology can meet its full potential.”


Why is a HIPAA update helpful?

Today, covered entities rely heavily on technology for day-to-day and critical operations. Sometimes this means using outdated systems while other times this means using innovative, new devices.

The HIPAA Security Rule and HITECH Act support the use of new technologies, but as the Senators contend, HIPAA misses the mark on providing advanced technological guidance. Updating the legislation, therefore, should:


  • Provide covered entities with more support
  • Suggest other methods to stop breaches and keep PHI from being stolen
  • Aid the increased reliance on technology


This commission will start the process by providing additional guidance and clarification, something that industry leaders say healthcare organizations need and want:

Providers, health plans, and other covered entities and their business associates covered by the Privacy Rule as well as the patients they serve need clarity and consistency in health data privacy and use rules.

Email security is as relevant as ever

One aspect of HIPAA cybersecurity that won’t change is the need for email security. That is because HIPAA compliant email provides a solid communication method for strong patient engagement.

Paubox Email Suite provides needed email protections because our HITRUST CSF certified solution encrypts all outbound email. Even better, employees can send these emails directly from an existing email platform (e.g., Microsoft 365 or Google Workspace) with no hassle.

Technology can improve healthcare, especially when fortified by strong legislation. As Cassidy reiterates in the press release, “HIPAA must be updated for the modern-day. This legislation starts this process on a pathway to make sure it is done right.”

