Data privacy in healthcare could be strengthened, says AMA

The American Medical Association (AMA) has urged the Centers for Medicare & Medicaid Services (CMS) to build more data privacy into its upgraded health IT rules.

Previously known as the Health Care Financing Administration, the CMS is a federal agency within the US Department of Health and Human Services that administers the Medicare programme.

Reacting to CMS proposals for new standards in patient access, the AMA underlined its support while offering a number of suggestions intended to maximise data privacy and cyber security.

The AMA praised the CMS proposal that would oblige payers to permit patients full access to their health data through APIs (application programming interfaces). However, the AMA warned against using consumer-facing apps which could lead to information being passed on to third parties, potentially without the patient knowing.

The AMA wrote:

“If beneficiaries access their and their family’s health data—some of which are likely sensitive—through a smartphone, a patient should have a clear understanding of the potential uses of that data by app developers.

“Otherwise, most patients will not be aware of who has access to their medical information, how and why they received it, and how it is being used (for example, an app may collect or use information for its own purposes, such as an insurer using health information to limit/exclude coverage for certain services, or may sell information to clients such as to an employer or a landlord).”

By way of improvement, the AMA said that CMS could ask for payers’ APIs to check an app’s due diligence in following industry development standards. Payer APIs should also monitor an app’s continued commitment to transparency and best practice.

The AMA said:

“The app could be acknowledged or listed by the API developer in some special manner (e.g., in an ‘app store,’ ‘verified app’ list). We firmly believe these sorts of ‘checks’ on an app will provide a needed level of assurance to patients and would be greatly welcomed by users.”
