Amazon, the Cloud and its Call for a Privacy Law Change
Posted at 6:54 p.m. on July 17, 2014
CQ Roll Call’s Kerry Young reports that Amazon has asked lawmakers to tweak federal health privacy law to allow freer data flow for research projects conducted through its cloud-services business while maintaining information security.
Revising rules stemming from the 1996 Health Insurance Portability and Accountability Act (PL 104-191), or HIPAA, could substantially speed medical research, Paul Misener, Amazon’s vice president for global public policy, told a House Energy and Commerce subcommittee.
For now, the Department of Health and Human Services’ implementation of HIPAA is a hurdle to companies trying to strike contracts and speed the analysis of large pools of data, he said. He urged a more narrow focus on situations where a provider of cloud-computing services actually had some access to, or knowledge of, the data.
Here’s more from Misener on HIPPA at the hearing:
It’s not a huge barrier at this point but what we would like to be able to do is recognize that there are some times when information is stored in the cloud where it is known to be health information and its accessible to the cloud service provider. But most of the time that’s not the case. We don’t know what information is stored there. And it’s also encrypted so we cant get at it. And yet we still have to go through HIPAA hoops as if we had access…
Communications and Technology Subcommittee Greg Walden, D-Ore., asked Misener what that means from a practical standpoint.
“I think it means asking NIH not to interpret the rules so broadly as to require a cloud services provider to comply with HIPAA where it’s not necessary,” Misener said.