January, 2019 /Experian/ -- Legislative & Public Policy Update - Federal Update.
Senator Schatz introduces bill to protect consumers’ information
On December 12, Senator Brain Scahtz (D-HI), along with 14 other democratic senators, introduced The Data Care Act, which establish duties for online service providers with respect to end user data that such providers collect and use. The legislation creates duties that would require providers to protect user data and would prohibit providers from using user data to their disadvantage. Also, must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information. A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene. FTC is granted rulemaking authority to implement the Act. This bill will be considered with other data privacy and security bills during the 2019-2020 session of Congress.
CFPB proposes revision to “No-Action Letter” policy
On December 13, the CFPB issued proposed revisions to its 2016 final policy on issuing “no-action” letters (NAL), together with a proposal to create a new “CFPB Product Sandbox”. The revisions are intended to address the current program’s many shortcomings. The new sandbox program is intended to create a more efficient and streamlined process within the Bureau and will allow participants to test innovative financial products or services. Comments must be submitted by February 11, 2019. Under the new program, in addition to receiving a “no-action letter,” banks could ask the CFPB for two additional forms of relief: “approval relief,” which expressly states that acts taken or omitted in conformity with the approval fall within a statutory “safe harbor” from liability, or “exemptive relief,” an exemption from a statutory or regulatory provision. The CFPB added that under the “sandbox” concept, it expects relief to be provided for a limited amount of time — in most cases, two years.
Additional proposed changes to the 2016 policy include the following:
- The 2016 policy states that it was intended to facilitate consumer access to innovative financial products, the proposal would remove such statements.
- The 2016 policy requires an NAL applicant to provide up to 15 items of information. In contrast, the proposal would reduce such items to up to 7.
- The 2016 policy requires the recipient of an NAL to commit to share data with the Bureau if requested to do so. The proposal would remove that requirement.
House Energy & Commerce hearing on reducing health costs
On December 11, the House Energy & Commerce Subcommittee on Health held a hearing titled, “Implementing the 21st Century Cures Act: An Update from the Office of the National Coordinator.” Dr. Donald Rucker, the National Coordinator for Health Information Technology at HHS, discussed the progress hospitals and clinicians had made in adopting electronic medical records, but said additional work was needed to increase the value of these records and reduce clinician burden when accessing them. He cited an Office of the National Coordinator and Centers for Medicare and Medicaid Services draft strategy released in November aimed at reducing these burdens and explained his department was continuing to work with CMS to address changing documentation requirements and simplified recording. Dr. Rucker also noted that he expects a proposal rule, required by the Cures Act, to be released in the coming weeks that would have an impact on “information blocking.” The proposed rule is expected to define exceptions what is considered information blocking. On the Senate side, the Health Committee Chairman Lamar Alexander (R-TN) is seeking recommendations for specific legislative, regulatory, or sub-regulatory solutions for reducing health care costs by March 1, 2019.
U.S. Department of Health and Human Services reviews privacy rules
On December 12, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), issued a Request for Information (RFI) seeking input from the public on how the HIPAA Rules, especially the HIPAA Privacy Rule, could be modified to further the HHS Secretary’s goal of promoting coordinated, value-based healthcare. HHS developed the HIPAA Rules to protect individuals’ health information privacy and security interests, while permitting information sharing needed for important purposes. However, in recent years, OCR has heard calls to revisit aspects of the Rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based health care. The RFI requests information on any provisions of the HIPAA Rules that may present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information (PHI) and/or patients’ ability to exercise their rights with respect to their PHI.
Senator Warren sends demands to CFPB Director
On December 19, Senator Elizabeth Warren (D-MA) sent a letter to Director Kraninger setting forth five demands and requesting action by January 6, 2019. The following demands are:
- End the politicization of the CFPB by eliminating the dozen-plus political positions Mr. Mulvaney created at the agency.
- Recommit the agency to pursuing aggressive investigations of wrongdoing and enforcement actions against corporations that violate the law.
- Preserve the Bureau's ability to collect and use data to stop consumer rip-offs.
- Restore the full authority of the CFPB's Office of Fair Lending and Equal Opportunity.
- Take quick action to reinstate protections for students, young consumers, and servicemembers.
Experian will keep you updated on this request and if Director Kraninger responds.
Kathy Kraninger confirmed as CFPB Director
On December 6, the Senate confirmed President Trump’s nomination of Kathleen Kraninger to be Director of the Bureau of Consumer Financial Protection by a vote of 50 to 49. Kraninger most recently served as Program Associate Director for General Government in the Office of Management and Budget (OMB), in which capacity she reported to OMB Director (and Acting BCFP Director) Mick Mulvaney. She previously served as Deputy Assistant Secretary for Policy at the U.S. Department of Homeland Security.