On February 9, 2022, the Health Data Use and Privacy Commission Act (S.3620) was introduced by U.S. Senators Bill Cassidy (R-LA) and Tammy Baldwin (D-WI).

The legislation intends to create a Commission on Health Data Use and Privacy Protection to evaluate the collection, storage and use of Personal Health Information (PHI). Assignment was made to the Commission to suggest recommendations to update HIPAA, and to review current protections of PHI for all industries.

Senators Baldwin and Cassidy indicated that it is necessary that HIPAA is to be modernized to give Americans confidence that their PHI is safe.

According to the Legislation, the Commission would concentrate its work on a number of data use and privacy issues as follows:

Selling of PHI. Whether PHI is sold without consent or with consent.

Enforcement. What are the current privacy rules and privacy laws, by state and federal, and can there be an enforcement consolidation.

Consent Requirements. What are the processes in medical research and the consent requirements potential solutions.

Activities in Private Sector. What are the current privacy protection efforts, such as self regulatory, to mitigate privacy issues.

Government Collection of PHI. Collection, distribution and monitoring of PHI by state, local and federal governments.

Advancements of Technology. Technology advancements currently used for healthcare operations, payment and treatment, in comparison to technologies used at the time that HIPAA privacy regulations were issued in the year 2000.

Existing Laws. What are the current federal and state statutes for protection of PHI, such as the Common Rule, HIPAA, the Privacy Act of 1974, the Federal Trade Commission Act and the 21st Century Cures Act.

Health Date for Employees. What are employer practices regarding the health information of employees.

Referral of the bill was made to the Senate Health, Education, Labor and Pension Committee for further action.