Washington Debrief: FTC May Review, Penalize for HIPAA Data Violations | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Washington Debrief: FTC May Review, Penalize for HIPAA Data Violations

January 27, 2014
by Jeff Smith, Director of Public Policy at CHIME
| Reprints
Jeff Smith, Director of Public Policy at CHIME

Hospitals, Physicians May be subject to Broader Penalties for Data Breaches

Key Takeaway: A unanimous Federal Trade Commission (FTC) ruling extends its authority over data security to include HIPAA covered entities. Historically, the role of the FTC has been to protect consumers and police unfair business practices.

Why it Matters: This ruling makes very real the possibility that hospitals and physicians who experience data breaches are subject to HIPAA enforcement actions, as well as penalties issued by the FTC.

Next Steps: CIOs should reexamine their formal data security compliance program(s) to ensure that, should the FTC investigate a breach, CIOs can demonstrate that they have taken a reasonable approach to securing consumer data.

Next Steps: Rare is the moment that the Washington Debrief turns its gaze to what goes on inside the court room (especially when Obamacare is not on the docket). But last week, the Federal Trade Commission (FTC) issued a ruling that has direct implications on two court cases – and likely will have implications for healthcare CIOs everywhere.

In a ruling issued last week (re LabMD, Inc., FTC, No. 9357, 1/16/14), FTC officials said their enforcement authority under the FTC Act doesn’t conflict with HIPAA, and that, covered entities “may well be obligated to ensure their data security practices comply with both HIPAA and the FTC Act.” The FTC also said that “so long as the requirements of those statues do not conflict with one another, a party cannot plausibly assert that, because it complies with one of these laws, it is free to violate the other.” Lawyers familiar with the case said the decision was not unexpected, though it is problematic because there is no formal FTC guidance from which companies, health care or otherwise, can determine whether their data security efforts comply with the FTC Act.


National Rollout of FDA Data Sharing Network Put on Hold

Key Takeaway: FDA officials have put the rollout of a national data infrastructure for healthcare research on hold; meanwhile the Institute of Medicine is investigating how to broadly share clinical trial data for research.

Why it Matters: Several initiatives, from FDA to ONC to the Patient Centered Outcomes Research Institute, are working to develop a nationwide, digital infrastructure for healthcare research. This delay may give policymakers an opportunity to look more holistically at health surveillance and safety efforts, giving them a chance to align disparate programs. Officials from the FDA announced last week that plans to develop the agency’s Sentinel program – which collects post-market surveillance data on drugs, biologics and medical devices – into a nationwide network are on hold. Officials say they need to better understand how to bridge information gaps between the Sentinel program and data projects led by other organizations like the Patient-Centered Outcomes Research Institute (PICORI).

Meanwhile, the Institute of Medicine (IOM) has issued a discussion framework to share clinical trial data. "Sharing these data more broadly -- while respecting research participants and their privacy -- could facilitate new analyses, provide a deeper understanding of therapies and ultimately provide a sounder basis for clinical care,” the report states.

A national network to aid health researchers and clinicians, alike, hold great promise, but it is unclear if policymakers understand the socio-technical difficulty of such efforts.

Legislation & Politics

State Medical Boards Get Senate Nod for Removing Telehealth Barriers

Key Takeaway: A bipartisan group of 14 senators sent a letter to the Federation of State Medical Boards (FSMB) lauding their efforts to address licensing barriers for physicians that practice telemedicine.

Why it Matters: Physicians have difficulty using telehealth tools for out-of-state patients because they cannot receive reimbursements without a license to practice in the location of the patient. The changes to the FSMB licensure requirements, will enable physicians to treat patients using telemedicine and receive reimbursements quicker and easier.

Telemedicine has been recognized as an efficient, cost-effective means to treat patients in remote communities because it eliminates the need for patients in isolated communities to travel long distances for care. While this type of care benefits patients, it has caused some issues for physicians since obtaining one state medical license can be a difficult process, let alone acquiring licenses to practice medicine in multiple states. The letter stated, “FSMB and the Interstate Medical Licensure Compact Taskforce have made important progress. We support changes to improve the process for physicians to submit the necessary information and obtain the required credentials to practice via telehealth in multiple states.” Read the full text of the letter here

CHIME News & Notes

CHIME CIOs Explain ‘Why Public Policy Matters’

During a College LIVE event held last week, two CHIME Board members discussed “the Alphabet Soup” of federal government agencies.

Charles Christian, VP & CIO, St. Francis Hospital, and Indranil Ganguly, VP & CIO, JFK Health System explained how CHIME works with federal agencies and discussed why CIOs should care.

“Part of every CIO’s job is to anticipate the future and to plan for that future. If I plan for a future without an understanding of the political and policy context – especially in healthcare – I’m not doing my job,” said Christian during the online event. “We can either try to predict how the future looks, or – through CHIME Public Policy – we can shape the future we want,” added Mr. Ganguly.

For an archive of the session and slides, click here.

Going to HIMSS14 and Interested in Meeting Government Officials?

CHIME Public Policy is busy coordinating meetings with leaders at CMS, ONC and other federal agencies. Please contact Jeff Smith, Sr. Director of Federal Affairs, for more information on times and dates.


Edited by Gabriel Perna

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on