House hearing to examine bill balancing data privacy and R&D needs (original) (raw)

Researchers utilize health data to inform medical breakthroughs, but patients need to know their personal information stays confidential.

The current patchwork of state laws regulating health data privacy does not provide American patients with consistent protection and creates a challenging environment for biotech innovators. Federal legislation to create a single regulatory framework that protects consumer privacy while enabling research will be examined in a June 3 Congressional hearing. The effort is supported by the Biotechnology Innovation Organization (BIO).

“Navigating upwards of 20 distinct state data privacy laws creates immense operational challenges for biopharma companies, distracting critical resources away from clinical innovation and patient care,” according to Patrick Plues, BIO Senior Vice President, State Government Affairs. “Because data-driven research and digital health solutions do not stop at state lines, a single, comprehensive federal consumer data privacy standard is essential to provide uniform protection for patients while giving the industry the regulatory certainty needed to develop the next generation of life-saving therapies.”

The House Energy & Commerce (E&C) Subcommittee on Commerce, Manufacturing & Trade hearing will examine the SECURE Data Act, a law providing clarity on handling all kinds of personal and financial data. It would allow consumers to obtain and delete their data held by a controller and to opt out of processing of their data. It would also permit appropriate use of clinical data that is driving medical innovation and scientific breakthroughs.

“Unlocking the power of health care data to fuel innovation in medical research is at the heart of today’s health care revolution, where medicine is increasingly a collaboration between data science and clinical science realms,” according to written comments BIO submitted to the E&C Committee last year.

Federal versus state protections for health data

States have been seeking to protect personal data in general, and health data specifically, with their own regulations since the passage of the California Consumer Protection Act (CCPA) in 2018, followed later by Virginia’s 2023 VA Consumer Data Act. Washington State’s health-specific “My Health My Data Act” of 2024 has inspired other states to develop similar legislation.

These policies may protect privacy, but they also create confusion for anyone handling data from more than one state.

To ensure consistent health data protections, the SECURE Data Act would take advantage of existing federal privacy protections, including the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which sets a national standard for protection of health data.

“Since its inception in 1996, experience has shown that HIPAA Covered Entities and Business Associates subject to the Privacy Rule have responsibly protected patient data,” per BIO’s comments to the E&C Committee. “HIPAA recognizes the careful balance between protecting patient privacy and facilitating biomedical research.”

Other federal rules protecting health data include Food and Drug Administration (FDA) regulations for patients involved in clinical trials. These protections have successfully governed the rules for processing clinical data and allow for innovation in biotechnology for decades.

Relying on proven federal regulation when applicable makes for more effective policy, according to Aiken Hackett, BIO’s Executive Vice President, Federal Government Relations.

“The SECURE Data Act recognizes there are areas of health policy that are already doing the right things,” Hackett says. “It allows for clearer regulation that provides consistent patient protection while empowering biotech innovation and investment.”

Read more about the June 3 hearing here. Watch it live or see a recording here.