Transparency, accountability, and education

FederalStatePrivate Sector

Consumers should receive clear, understandable, and accessible information about how their health and health-related data are being collected, used, shared, and sold. Policymakers should require plain-language disclosures with information about what data are collected and maintained, and how the data may be used, shared, or sold. 

Consumers must have the right to withdraw consent easily and at any time. 

Appropriate federal and state agencies should vigorously enforce health privacy laws and regulations. Well-funded federal and state enforcement authorities must have meaningful enforcement mechanisms, including the ability to impose penalties and enforce swift compliance deadlines. 

Consumers should be empowered to make informed choices. As such, the public must be educated about the benefits and drawbacks of health and health-related data collection and sharing. Policymakers should protect people from the harms of disclosure or misuse of all personally identifiable health- and health-related data. This includes data that have been stripped of personally identifiable information because of the ease of reidentification. 

Policymakers and the private sector should take steps to mitigate the consumer risks of the reidentification of data. Policymakers should develop standards and tests to verify that methods used to mask or strip out identifiable information adequately protect consumers from reidentification.