Skip to Content

CDT and eHI Release Draft Consumer Privacy Framework for Health Data

Collaborative Group Proposes Self-Regulatory Model & Standards Focused on Non-HIPAA Health Data

Contact: Elizabeth Seeger at [email protected] / Alice Leiter at [email protected]

Today the eHealth Initiative & Foundation (eHI) and the Center for Democracy and Technology (CDT) released A Draft Consumer Privacy Framework for Health Data. The Framework includes a description of the health data that warrant protection, as well as the standards and rules that should govern them. The Framework also includes a self-regulatory model that would hold companies accountable to these standards and rules. The work is the first output of a collaborative effort addressing gaps in legal protections for consumer health data outside of the Health Insurance Portability and Accountability Act’s (HIPAA) coverage. The collaboration was funded through a grant by the Robert Wood Johnson Foundation.

“Over the last 12 months, we have worked with dozens of leaders from consumer, technology, patient and healthcare organizations to craft the Framework,” said eHI CEO Jennifer Covich Bordenick. “Today’s draft addresses many of the concerns raised by consumers about health data currently collected. We look forward to feedback from the public on our efforts.”

“It is nearly impossible for consumers to manage and understand the privacy practices for every entity that collects, uses, or shares data about their health,” said Alexandra Reeve Givens, CDT’s President and CEO. “The draft rules we are releasing today set clear limits on the use of consumer health information and raise the bar for corporate practices around the collection and sharing of this sensitive data. Consumers and corporations will benefit from these enhanced privacy protections.”

In early 2020, eHI and CDT convened a Steering Committee of healthcare providers, technology companies, academia, and organizations advocating for privacy, consumer, and civil rights. The draft Framework includes standards that address the scope of data that warrant protection, the rules that should apply to such covered data, and appropriate exceptions to those general rules. The standards are intended to place strong limits on secondary uses of consumer health data that go beyond current protections. The Framework also includes a proposal for the formation of a self-regulatory body that would provide a governance structure for these rules, with a focus on accountability and enforcement.

“Momentum is building for new federal privacy legislation, but currently no bills have made significant progress toward being enacted into law. As we wait for a comprehensive law, we can and should do more to better protect consumer privacy in the interim,” said Bordenick.

“With the rise of wearable devices, wellness apps, and other online services, huge amounts of information reflecting users’ health are being created and held by entities who are not bound by HIPAA regulations. We hope this Framework serves as a first step to providing greater privacy rights and protections for consumers,” said Givens.

The public is invited to review the draft framework and offer constructive feedback by Friday, September 25, 2020. To do so, please email Alice Leiter at eHI ([email protected]) or Andy Crawford at CDT ([email protected]), or visit

To view the webinar introducing the draft framework, click here.


About the Center for Democracy & Technology

CDT works to strengthen individual rights and freedoms by defining, promoting, and influencing technology policy and the architecture of the internet that impacts our daily lives. Its team of experts have knowledge of issues pertaining to the internet, privacy, security, technology, and intellectual property. CDT brings together thought leaders to find innovative and practical solutions to the policy challenges surrounding the Internet by providing leadership and advocacy to help shape public policy and industry best practices while providing a forum for stakeholder dialogue.

About eHealth Initiative

eHealth Initiative (eHI) convenes executives from every stakeholder group in healthcare to discuss, identify and share best practices to transform the delivery of healthcare using technology and innovation. eHI, and its coalition of members, focus on education, research, and advocacy to promote the use and sharing of data to improve health care.  Our vision is to harmonize new technology and care models in a way that improves population health and consumer experiences. eHI has become a go-to resource for the industry through its eHealth Resource Center. For more information, visit