Patient Data Privacy Concerns During the COVID-19 Pandemic

Written By: Nancy Avila Villatoro

March 2020 marked a historical moment in the U.S. as the COVID-19 pandemic spread to cities across the country.[1] In an effort to control the spread of the virus, many cities issued stay-at-home orders.[2] In fear of the virus, people avoided leaving their homes, even to attend in-person doctor’s appointments.[3] Health care providers scrambled to adapt to the changing environment and use technology to deliver care to patients from a distance.[4] Regulatory oversight was relaxed to accommodate new norms such as telemedicine—appointments by phone or video call—to serve patients at home, supporting social distancing efforts while continuing to provide needed patient care.[5] Telemedicine services “grew by more than 1000% in March” of 2020.[6] Although this dramatic shift to providing remote patient engagement was necessary for patient care, concerns continue to rise regarding privacy and health data security.[7]

The U.S. has a long history of data privacy patchwork, especially as it involves identifiable health information.[8] In 1996, Congress passed the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) which protects patient health records when they are recorded or used by one of the covered entities as defined in the act. [9] The main purpose of HIPAA was to ensure that electronic health data was properly secured as a shift to electronic health records emerged.[10] Although updates have been made to HIPAA over the years, HIPAA exempts a growing industry of health management applications that collects personal health data from consumers.[11] Prior to the pandemic, there were talks already to revamp the HIPAA framework to align with a “new era of digital-first health care.”[12]

On January 28, 2021, congressional Democrats introduced a new bill that aims to protect individuals’ data rights amid the pandemic.[13] The Public Health Emergency Privacy Act (“PHEPA”) would ensure that “data collected is strictly limited for use in public health, mandate [meaningful data security and data integrity protections, and] that tech firms delete data collected once the public health emergency is over and explicitly prohibit the use of health data for discriminatory, unrelated or intrusive purposes.”[14] Senator Mark R. Warner emphasized the importance of PHEPA as “we move forward with vaccination efforts and companies begin experimenting with things like ‘immunity passports’ to gate access to facilities and services.”[15] Rashad Robinson, President of Color of Change, a progressive nonprofit civil rights advocacy organization, strongly supports PHEPA, “as it would prevent corporate profiteering and government misuse of health data to help ensure Black people . . . can operate online without fear.”[16] Robinson explained the need to close loopholes that allow profit-incentivized corporations to “gather and sell sensitive health and location data . . .  [providing] stringent and enforceable safeguards . . .  to protect private health information of Black people and other marginalized communities, who are most at risk of both COVID-19 and surveillance.”[17]

Although long-term health data privacy concerns may not be addressed through the passage of PHEPA, if passed, patients may be able to breathe a sigh of relief knowing that protections will be in place to protect their health information during the pandemic.


[1] Emily Shapiro, Jon Haworth & Karma Allen, Coronavirus Shuts down Major Cities, Trump Asks Americans to Avoid Groups over 10 People, ABC News (Mar. 16, 2020), https://abcnews.go.com/US/coronavirus-live-updates-establishments-country-begin-shutting/story?id=69615056 (last accessed Feb. 12, 2021).

[2] Jiachuan Wu, et al., Stay-at-home Orders Across the Country, NBC News (Mar. 25, 2020, updated April 29, 2020), https://www.nbcnews.com/health/health-news/here-are-stay-home-orders-across-country-n1168736 [https://perma.cc/E3D7-5C8U].

[3] Cara Murez, Health Care After COVID-19: the Rise of Telemedicine,” Medical Xpress (Jan. 5, 2021), https://medicalxpress.com/news/2021-01-health-covid-telemedicine.html [https://perma.cc/LC26-7P7R].

[4] Id.

[5] Id.

[6] Id.

[7] Anuja Vaidya, Democrats Propose Bill to Protect Privacy, Data Security amid Growing Use of Pandemic-Related Tech, MedCity News (Feb. 2, 2021), https://medcitynews.com/2021/02/democrats-propose-bill-to-protect-privacy-data-security-amid-growing-use-of-pandemic-related-tech/ [https://perma.cc/VU7T-KKUU]; see also Press Release, Mark R. Warner, Warner, Blumental, Eshoo, Schakowsky & DelBene Introduce the Public Health Emergency Privacy Act (Jan. 28, 2021), https://www.warner.senate.gov/public/index.cfm/pressreleases?ID=52781B0E-D736-4F1F-A144-9D1CB67F4B1B [https://perma.cc/A59S-QQ6G].

[8] See Murez, supra note 3.

[9] Lisa Bari & Daniel P. O’Neill, Rethinking Patient Data Privacy in the Era of Digital Health, Health Affairs (Dec. 12, 2019), https://www.healthaffairs.org/do/10.1377/hblog20191210.216658/full/ [https://perma.cc/K7ZJ-NQLZ].

[10] Id.

[11] Id.

[12] Id.

[13] See Vaidya, supra note 7.

[14] Id.

[15] Press Release, Mark R. Warner, Warner, Blumental, Eshoo, Schakowsky & DelBene Introduce the Public Health Emergency Privacy Act (Jan. 28, 2021), https://www.warner.senate.gov/public/index.cfm/pressreleases?ID=52781B0E-D736-4F1F-A144-9D1CB67F4B1B [https://perma.cc/A59S-QQ6G].

[16] Id.

[17] Id.


Leave a Reply

Your email address will not be published.