NCVHS Letter to HHS

On June 22, 2006, the National Committee on Vital and Health Statistics (NCVHS) sent (HHS) a letter report, Privacy and Confidentiality in the Nationwide Health Information Network. Among the 26 recommendations was the following: R-12. HHS should work with other federal agencies and the Congress to ensure that privacy and confidentiality rules apply to all individuals and entities that create, compile, store, transmit, or use personal health information in any form and in any setting, including employers, insurers, financial institutions, commercial data providers, application service providers, and schools.

The NCVHS held a series of three hearings in 2006-2007 to learn more about the health privacy practices of entities that make significant use of health information in their day-to-day operations but are not covered by the Health Insurance Portability and Accountability Act (HIPAA). At the first two hearings, we heard from representatives of life insurers, insurance regulators, human resource professionals, occupational health physicians, financial institutions, primary and secondary schools, and colleges. The third hearing focused on health care providers and other entities in the health industry that are not covered by the HIPAA privacy rule. We inquired about the degree to which they are regulated by other federal or state laws and the possible effects that federal health privacy coverage would have on their operations. What we learned from the testimony strongly reinforces our conviction that all entities that deal with personally identifiable health information should be covered by some federal privacy law. The NCVHS would like to share with you some additional observations in support of our earlier recommendation with respect to this last group of non-covered entities, those operating in the health care arena.

{The National Committee on Vital and Health Statistics’ (NCVHS) letter to Secretary Leavitt recommends that “HHS and Congress should move expeditiously to establish laws and regulations that will ensure that all entities that create, compile, store, transmit or use personally identifiable health information are covered by a federal privacy law.” But the problem is what exactly is “privacy”? So far, Congress has NOT defined privacy, which has resulted in Americans having no right to privacy in electronic health systems. If Congress does not pass a law that provides a standard definition of health information privacy, we will simply get more bad laws and regulations that talk about privacy but do not actually protect health privacy. Privacy is defined by NCVHS as the right to control access to personal health information. ~ Dr. Deborah Peel, Patient Privacy Rights}

Download Letter

Leave a Reply

Your email address will not be published. Required fields are marked *