Patient Privacy: Foundation for Health IT
- One of the stumbling blocks in the adoption of health information technology is patient privacy. How can patients feel protected as their personal health care information speeds across cyberspace? The nation needs a plan to answer such questions, but the people who are supposed to be developing a plan are not.
A report by the U.S. General Accountability Office (GAO) says the administration lacks a plan for addressing patient privacy issues. As reported in The New York Times, the GAO found “the administration had a jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers.” The administration insists that its current efforts are sufficient.
But even the GAO report doesn’t delve as deeply into the privacy issue as it should. It assumes that the current federal privacy law known as HIPAA (the Health Insurance Portability and Accountability Act) is an adequate framework for privacy protection. But as the Patient Privacy Rights Foundation points out, HIPAA, unlike privacy laws in many states, does not require patients to give their consent before their information is shared among doctors, hospitals, health plans, and their business associates for the provision and payment for care. As a result, HIPAA does not give patients control over who has access to their records, leaving them vulnerable to embarrassing, unwanted, and potentially harmful disclosure of personal health information.
Fortunately, health information technology affords patients the opportunity for more control over their personal health information. It can allow them to choose a blanket consent for the use of their information or to share only portions of it. Such privacy protections are an important foundation for health IT because it will help ensure that patients are comfortable in the world of cyber-medicine. Now is the time to make a plan for privacy protections before health IT systems are up and running across the nation.
For more information:
“Warnings Over Privacy of U.S. Health Network,”
By Robert Pear, The New York Times, February 18, 2007:
“Early Efforts Initiated but Comprehensive Privacy Approach Needed for National Strategy,”
Statement of Linda D. Koontz and David A. Powner, U.S. General Accountability Office, February 1, 2007:
Comments on GAO Report,
Patient Privacy Rights Foundation, February 6, 2007: