By: Allison Bock

Over the last year, the COVID-19 pandemic stimulated a significant increase in telehealth services, and patient privacy considerations came to the forefront as patient-consumers questioned the ability of privacy regulation to keep up with the industry’s digital growth.[1]  Health care industry actors thus have combined efforts to safeguard patient privacy rights given the proliferation of new and improved telehealth services during the pandemic so that new technology and increased accessibility to the system can stay.[2]  For example, American regulatory agencies such as the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued proposed rulemakings to revise existing privacy rules.  Most notably, in December 2020, HHS proposed revisions to the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule to reconcile provisions that created barriers to coordinated care “without sufficiently compensating for, or offsetting, such burdens through privacy protections.”[3]  This proposal would help increase individuals’ rights to access protected health information (“PHI”) and facilitate safer sharing of patient data.[4]

Greater sympathy to patient-consumer privacy in digital health also prompted states to enact their own consumer laws.  For example, California implemented a comprehensive consumer privacy law called the California Consumer Privacy Act (“CCPA”).[5]  This Act not only imposed new protection duties on entities providing healthcare services in California, but it also provided patients new rights regarding their personal information, including the right to bring a private cause of action.[6]  At the federal level, the Federal Trade Commission (“FTC”) responded to state regulation by emphasizing its oversight powers and dedication to bring legal action against organizations that violate or mislead consumers about their privacy rights, which is a significant step in telehealth and health care accessibility in a digital age.[7]  

In addition to state legislatures, health officials and licensing boards also evaluated the impact of the pandemic on telehealth and temporarily suspended medical licensing requirements, which allowed an out-of-state provider to assist those impacted by the COVID-19 virus.[8]  To do this, the Federation of State Medical Boards (“FSMB”) assisted state medical boards in simply verifying the validity of a provider’s credentials or flag any issues and allow that provider to treat patients across state lines.[9]  This streamlined verification and greater access to care quickly gained traction.  While this was temporary in select states, it will likely be a catalyst for change in state legislatures in the coming months.

Accessibility to the American health care system has a long way to go, but the growing trends in telehealth and data privacy law are at a vital point to mitigate these flaws.  The current legal trends in the health law sphere indicate that a necessary and fundamental change to the way health care is distributed in the United States is on the horizon.  The COVID-19 pandemic highlighted health disparities and misuse of personal information; with 2020 behind us, now is the time for states to continue fighting for patient privacy in an increasingly digital age.

[1] Nathaniel M. Lacktman et al., Top 5 Telehealth Law Predictions for 2021, Nat’l L. Rev. (Jan. 12, 2021),

[2] Id.

[3] Jennifer L. Urban et al., Proposed Modifications to HIPAA Expands Individual Access Rights and Encourages Further Sharing of PHI for Care Coordination, Foley & Lardner LLP (Dec. 14, 2020),

[4] Id.

[5] Jennifer J. Hennessy et al., California Consumer Privacy Act and General Data Protection Regulation: A Guide to California Businesses, Foley & Lardner LLP (Dec. 16, 2019),

[6] Id.

[7] Privacy and Security Enforcement, Fed. Trade Comm’n. (last visited Mar. 31, 2021).

[8] Rachel B. Goodman & Thomas B. Ferrante, COVID-19: States Waive In-State Licensing Requirements for Health Care Providers, Foley & Lardner LLP (Mar. 17, 2020),

[9] Id.

Share this post