CMS Declares Health Data Bonanza for Big Tech

Statements From Public Citizen Experts

Note: Today, the Centers for Medicare and Medicaid Services (CMS) announced a final rule that would make it easier for patients to share health records between health providers and insurers. But the rule also makes this extremely sensitive data available to third parties that stand to profit from a potentially massive trove of health data with nearly no privacy safeguards in place.

“While improving patients’ access to their data is crucial, a patient’s personal health data is among the most sensitive and important information, and this rule fails to ensure it is sufficiently protected. As a result, patients cannot be sure their information will not be shared with third parties or used for purposes without their knowledge. Without strong protections, we are entering a dangerous era where patients may be seeking to access their data but are unable to protect themselves from negative repercussions, including exploitation of their data and data breaches that put their privacy at risk.”

  • Eagan Kemp, health care policy advocate

“The privacy protections in the rule simply do not meet consumers’ needs. Deciding who gets access to our most sensitive data deserves particular care given how much we now know about the risks of limitless data collection. However, the CMS rule published today contains nearly no meaningful protections for the health data for anyone, let alone for a potentially vulnerable population, once it has been shared with a third party.”

  • Emily Peterson-Cassin, digital rights advocate