The two major new House Republican data privacy bills could force employers and their benefits advisors to figure out which federal data privacy laws govern which sets of benefit plan and human resources data.

If passed and implemented as written, the bills would have little effect on the benefit plan data now protected by the Health Insurance Portability and Accountability Act of 1996.

The bills could have some effect on data protected by the Gramm-Leach-Bliley Act of 1999 and not by HIPAA.

And the bills could suddenly impose HIPAA-like data protection rules on any data not currently protected by either HIPAA or GLBA.

What it means: The new privacy bills might have a much bigger effect on employers' 401(k) plans and absence management programs than on their health plans.

The backdrop: The health data security and privacy provisions in the Health Insurance Portability and Accountability Act of 1996 require hospitals, health insurance companies, health plans and other "covered entities" to protect consumers' health information.

The covered entities can share consumers' health data with outside marketers only if the consumers "opt in," or actively agree, to let that happen.

HIPAA regulations let a consumer ask a covered entity to provide copies of any health records related to the consumer that the entity holds.

The Gramm-Leach-Bliley Act of 1999 applies to financial information, such as Social Security numbers and credit card numbers.

GLBA requires insurance companies and other financial institutions to protect consumers' personal financial information.

GLBA requires financial institutions to give consumers a chance to opt out of efforts to share the consumers' information with outside marketing organizations, but GLBA does not require financial institutions to start by asking consumers to opt in to data-sharing.

The new bills: The "Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act" bill, or SECURE Data Act bill, would set national, GLBA-like data privacy standards for personal data not currently covered by either HIPAA or GLBA rules.

The "Guidelines for Use, Access and Responsible Disclosure of Financial Data Act" bill, or GUARD Financial Data Act bill, would update the GLBA rules for the personal financial information stored by financial institutions.

The bill would let a financial institution customer ask the financial institution for a copy of any records related to the customer that the financial institution holds.

The GUARD Financial Data Act bill would also require a financial institution to limit how much "non-public personal information" it collects to "what is adequate, relevant and reasonably necessary," and it would require a financial institution to have a consumer "opt in" for any sharing of "sensitive, non-public personal information."

In theory, enactment of the GUARD Financial Data Act bill could require administrators of plans to think harder about what data they collect, purge participant data more often and make more types of records available through any account data download tools.

The House Financial Services Committee and the House Energy & Commerce Committee are sharing jurisdiction over the bills.

The politics: Supporters of the bills, including the U.S. Chamber of Commerce and the American Council of Life Insurers, see passing the bills as a way to address consumer concerns about privacy while setting national standards for data protection and blocking states from passing and enforcing their own data protection laws.

The Health Innovation Alliance, a group for health technology firms and other organizations that want the federal government to handle data privacy oversight, is billing the SECURE Data Act bill as a way to protect data with "one national standard."

Introduction of the bill "is a critical step toward establishing a clear, consistent national framework for data privacy and security," according to Roslyn Docktor, the executive director of the alliance. "Americans deserve robust protections for their personal health information, and innovators need a uniform set of rules that replaces the growing patchwork of state laws with a workable federal standard."

The ACLI is supporting the GUARD bill as well as the SECURE bill.

The Health Innovation Alliance has not expressed an opinion about the GUARD bill.
