Scanning through the stimulus act just signed by the President (minutes ago) I noticed a provision calling authorizing the Secretary of Health and Human Services to issue rules on sharing protected health information. The Senate version is nearly 900 pages so I’ll spare you the reading time. Here’s the provision:
SEC. 3224. GUIDANCE ON PROTECTED HEALTH INFORMATION.
Not later than 180 days after the date of enactment of this Act, the Secretary of Health and Human Services shall issue guidance on the sharing of patients’ protected health information pursuant to section 160.103 of title 45, Code of Federal Regulations (or any successor regulations) during the public health emergency declared by the Secretary of Health and Human Services under section 319 of the Public Health Service Act (42 U.S.C. 247d) with respect to COVID-19, during the emergency involving Federal primary responsibility determined to exist by the President under section 501(b) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5191(b)) with respect to COVID-19, and during the national emergency declared by the President under the National Emergencies Act (50 U.S.C. 1601 et seq.) with respect to COVID-19. Such guidance shall include information on compliance with the regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note) and applicable policies, including such policies that may come into effect during such emergencies.
I’d be very interested to learn what this formal guidance is intended or expected to cover and what t will mean for patients, holders of these medical records and for the general public. If you also have questions, comments or ideas about this, please share them here and I’ll keep updating this post as more information (or good questions) emerge.
I was honored to moderate and participate in the 2019 Harvard Legal Tech Symposium panel discussion on tort liability for autonomous systems with Bryan Casey of Stanford and Primavera De Filippi of Harvard.
As innovations like blockchain technology, mass-scale automation and the emergence of fully autonomous systems become more commonplace, new legal questions are arising . However, some of the most pressing legal questions are hardly new at all, and in fact legal frameworks in US federal and state law have already been enacted to address those questions. In the context of electronic contracts and automated transactions the two key laws of this type are the Uniform Electronic Transactions Act (UETA) at the state level and the Electronic Signatures in Global and National Commerce Act (ESIGN) at the federal level.
One of the most relevant parts of these laws relates directly to the use of new technologies like blockchain and AI that enable a high degree of automation and in some cases, even autonomous action. Specifically, these laws define the rules for enforceability of contracts formed without human review or approval through use of “electronic agents” conducting “automated transactions”.
According to the federal ESIGN Act:
A contract or other record relating to a transaction in or affecting interstate or foreign commerce may not be denied legal effect, validity, or enforceability solely because its formation, creation, or delivery involved the action of one or more electronic agents so long as the action of any such electronic agent is legally attributable to the person to be bound.
The term “electronic agent” means a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part without review or action by an individual at the time of the action or response.
Similarly, according to the state Uniform Electronic Transactions Act:
In an automated transaction, the following rules apply:
(1) A contract may be formed by the interaction of electronic agents of the parties, even if no individual was aware of or reviewed the electronic agents’ actions or the resulting terms and agreements.
(2) A contract may be formed by the interaction of an electronic agent and an individual, acting on the individual’s own behalf or for another person, including by an interaction in which the individual performs actions that the individual is free to refuse to perform and which the individual knows or has reason to know will cause the electronic agent to complete the transaction or performance.
(3) The terms of the contract are determined by the substantive law applicable to it.
“Automated transaction” means a transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract, or fulfilling an obligation required by the transaction.
“Electronic agent” means a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual.
The most important concept to take away from these legal frameworks in the context of automated and autonomous systems is the need for attribution to a legal person. The federal ESIGN Act states plainly that the contracts or other acts of electronic agents (eg automated processes or systems) can not be denied legal force or effect “so long as the action of any such electronic agent is legally attributable to the person to be bound.”
UETA provides some further guidance on the rules related to attribution:
An electronic record or electronic signature is attributable to a person if it was the act of the person. The act of the person may be shown in any manner, including a showing of the efficacy of any security procedure applied to determine the person to which the electronic record or electronic signature was attributable.
The effect of an electronic record or electronic signature attributed to a person under subsection (a) is determined from the context and surrounding circumstances at the time of its creation, execution, or adoption, including the parties’ agreement, if any, and otherwise as provided by law.
UETA, SECTION 9. ATTRIBUTION AND EFFECT OF ELECTRONIC RECORD AND ELECTRONIC SIGNATURE.
Automated and autonomous systems that are designed and deployed in ways that ensure clear attribution to responsible legal persons help avoid an accountability gap for potential harm and damage these systems could cause. Vehicles are required to have clearly visible license plates when they enter upon public roads and may impact other people. These license plats provide a simple, effective way to start linking ownership, control and accountability for vehicles back to responsible parties. Analogously, it is wise to consider appropriate, usable and effective measures for attribution of the acts or consequences of automated and autonomous systems.
“I would also like to give thanks to Massachusetts Governor Paul Cellucci for his assistance and support through the process of drafting this legislation. Massachusetts should be proud of the work done by their Governor and his staff on this bill, especially the Governor’s Special Counsel for e-commerce, Daniel Greenwood, to assure that state and federal law governing e- commerce are complimentary.”
This August, 2019 I’m honored to be a speaker at ILTACON, the premier event of the International Legal Technology Association. I’ll be presenting and joining a discussion at one of the general sessions on practical aspects of innovation adoption across the legal industry.
In the late 1990’s when I was Deputy General Counsel for Information Technology for the Weld Administration (then the Governor of Massachusetts) part of my job was to advocate for “online government”. That included working with other jurisdictions on legislative reforms to remove obstacles to adoption of eCommerce in the private sector and the equivalent for online transactions by citizens and businesses with government. My first major work on federal legislation along these lines is now known as the “Government Paperwork Elimination Act” and in general it required federal agencies to accept forms and other filings over the web instead of requiring paper.