Dear Secretary Locke:
With an increasingly networked environment in which consumers interact with applications and services that collect personal information around the clock, it is imperative to have strong policies and practices in place that will earn consumer trust. We support the US Department of Commerce’s call for industry to adhere to a comprehensive framework for consumer privacy and data protection that is based on Fair Information Practices (FIPs).
Markle Connecting for Health, a public-private collaborative of more than 100 organizations across the spectrum of health care and information technology (IT), appreciates the opportunity to comment on the US Department of Commerce green paper, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.1 This letter is nearly identical to comments we are submitting to the Federal Trade Commission (FTC) regarding that agency’s recently released staff recommendations in Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.2 Our comments build on a decade of collaborative work, including the Markle Connecting for Health Common Framework for Networked Personal Health Information, which details specific policies and practices for organizations that collect, share, and store health information on behalf of consumers.3 This Markle Common Framework, endorsed by fifty-seven organization4—representing consumers, patients, technology companies, providers, insurers, clearinghouses and privacy experts—was developed specifically by applying a set of principles based on FIPs to the emerging environment of new personal health information applications and services largely unregulated by the Health Insurance Portability and Accountability Act (HIPAA), and translating them into specific policies and practices that can be used to establish a consistent framework for trust.
Although both the FTC staff report and the Department of Commerce green paper pertain to commercial uses of consumer information generally, our comments focus primarily on personal health information—which is being collected, analyzed, and shared in a widely increasing variety of contexts.
Our comments fall into three primary areas. First, we commend both the Department of Commerce and the FTC for their emphasis on a full complement of FIPs. Second, we urge coordination of federal policies, rules, regulations, and jurisdictions, specifically in the area of personal health information. Third, we point to a need, if we are to fulfill consumer expectations, for an even more forward-looking and consistent cross-sectoral approach to privacy and security protections. As the use of the Internet continues to evolve to create new information and service intermediaries, consumers will inevitably expect protections to be in place across the spectrum of organizations that hold their personal health information, regardless of sector-specific boundaries. Health profiles on individuals are compiled by a wide range of organizations both inside of health care (e.g., providers, insurers, pharmacies, and clearinghouses) and outside of health care (e.g., Internet sites, personal health record services, mobile apps, marketers, advertisers, and search engines). Focusing on consistent protections for consumers will have the dual effect of enhancing market certainty for business and fostering an environment of trust in which consumers can safely engage.
__________
- Department of Commerce Internet Policy Task Force. “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” 2010. Accessed on the Web January 10, 2011.
- Federal Trade Commission. “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers; Preliminary Staff Report.” 2010. Accessed on Web January 17, 2011.
- Markle Foundation. Markle Connecting for Health Common Framework for Networked Personal Health Information. June 2008. Accessed on Web January 17, 2011.
- Markle Foundation. Common Framework for Networked Personal Health Information: Statement of Support. June 2008. Accessed on Web January 19, 2011.
