Imagine signing a consent form to receive help from a shelter, food pantry, substance abuse center, or other social services—but by doing so, you’ve opened the door for staff and volunteers at hundreds of other organizations to look at your finances. private. , medical, behavioral and social data in their entirety. And you had no choice in the matter.
This is more than hypothetical; it’s happening in communities today.
We’re in this situation because the privacy safeguards within the Health Insurance Portability and Accountability Act (HIPAA) introduced 20 years ago this month haven’t kept up with healthcare organizations now taking a serious, more modern approach to healthcare. to all persons. This has left the door open for bad actors to take advantage of loopholes and erode privacy for deeply personal information.
To maintain the high standards of privacy and protection of personal information that citizens across the US have come to expect, lawmakers must act before it’s too late.
It is important to understand how the blurred lines between health care and social care have inadvertently created an environment that some organizations are exploiting.
Over the past two decades, the US has made significant strides in recognizing the large impact socioeconomic factors have on health outcomes and costs. In fact, it is widely accepted that 80 percent of health outcomes are determined by these social determinants of health (SDOH) – including food insecurity, transportation barriers, housing instability and other factors. In other words, the medications you take or the decisions you make with your doctor, while important, only affect one part of your overall health.
This is why health care organizations have become more involved in social care. They understand how important it is to keep people healthy, so while they continue to focus on what they do best – medicine and clinical care – they are partnering with other organizations in their communities who provide social care . Nonprofits and community-based organizations (CBOs) that provide assistance with things like food, shelter, transportation, utilities, substance abuse treatment, and more are the foundation of our social safety net. And when these organizations are connected and working with our health care systems, it enhances the well-being of our communities and the people in them.
Organizing CBOs, non-profit organizations and other social services into a network to help people find the right resources at the right time increases the reach these organizations have and the good they can do. But unless a social care network is thoughtfully designed with appropriate legal and moral boundaries for protecting personal information, privacy begins to erode.
Healthcare organizations are held to a higher standard for protecting personal information, thanks to HIPAA and other industry regulations—but the social care organizations they work with are not held to the same standards. This has to change.
This spring, the state of New Hampshire passed a bill with overwhelming, bipartisan support to provide important privacy safeguards when accessing social services through a referral network. This simple but critical privacy legislation can serve as a blueprint for federal action on this issue. In the meantime, states that care about the privacy of their residents (and can act more nimbly than the federal government) should consider passing similar legislation.
There is no legitimate argument for giving up privacy after modernizing the social safety net. Some might say that asking for individual consent – as opposed to general consent – to refer a person to a social service will hinder access to care. This is simply not true.
Organizations across the country are successfully working with referral networks that require individual consent, proving that it can be done efficiently and effectively. On the other hand, there are others who are taking the opposite approach. In these cases, people may not realize that they are giving general consent for their personal information to be made accessible far away from others in their community.
Many people are concerned about how social media networks can ignore privacy by tracking people and sharing data – it’s a legitimate issue that gets constant attention. Social care networks are capable of similar actions, but the information they have access to is much more personal. This issue deserves just as much—if not more—attention until we ensure that each individual has full control of their personal information and transparency about who has access to it.
New Hampshire was the first to admit that this breach of privacy was happening. As a result, the state took swift steps to prevent it. It is time for others to follow suit.
Erin Gray is the CEO and founder of findhelp.orga public benefit corporation that works to modernize America’s social safety net for anyone who needs help or helps others.