Health information technology has tremendous potential to improve health care and reduce cost while empowering patients to play a greater role in the management of their own care. At the same time, unaddressed privacy and fairness concerns can stand in the way of realizing the benefits of health IT. There is an ongoing need to shape the regulatory framework around health IT in the United States. In particular, there are few legal and regulatory protections for health information outside of the purview of the Health Insurance Portability Accountability Act (HIPAA), nor are there comprehensive best practices or guidelines for companies using non-covered personal health information.

The availability of fine-grained data about an individual’s health and wellbeing is rapidly fueling new technologies, commercial applications and industries. As in other areas, big data practices employing sophisticated analytic methods raise concerns for fairness and potential discriminatory outcomes. From activity trackers to mobile apps to electronic health records, personal health data has disrupted established traditions in health care and research and created new commercial opportunities such as the direct-to-consumer testing market. These developments raise new questions about the privacy, security, and ethical implications of collecting and using such information and if current legal protections, for example for genetic data, are sufficient and what additional protections, including ethical standards, may be needed.

CDT is recognized as a leader in health and data and invited to influence key decisions on related issues. Our advocacy and evolving research is focused on best practices in privacy, security, and ethics, legal and regulatory protections, social and community impact of uses of personal health data and emerging technologies.