Privacy could be IT standards’ deal-breaker

When will those formulating health information technology standards at the federal level get the message that privacy is a potential deal-breaker? If the recent flurry of events surrounding medical privacy doesn’t cause officials to upload some new understanding of this reality, all of their mysterious work to create a national electronic medical-records system will founder on the shoals of public and congressional opposition. So far, the outlook isn’t very robust, to borrow the favorite adjective of the interoperability crowd.

Paul Feldman’s resignation as chairman of the privacy and security work group of the American Health Information Community is the data byte that should have bit them on the rear. In a letter sent around Washington, Feldman wrote that while the work group’s original charge included “a scope of work for a long-term independent advisory body on privacy and security policies,” the panel has met infrequently and then only to focus on formulating policy based on a few case studies. Feldman, deputy director of the Health Privacy Project at Georgetown University, added that “the failure to achieve a privacy framework acts as a significant barrier to a robust and secure environment for e-health.”

The response from HHS was a marvel of spokesmanship. AHIC has “made substantial progress” in “leveraging existing privacy policy foundations” to “address state and business level protections” and is “considering privacy and security policies.”

In other words, “Whatever.”

Feldman’s withdrawal follows on the footsteps of the second of two Government Accountability Office reports strongly criticizing the record of HHS and AHIC on privacy. The GAO found that the administration had produced some contradictory studies and vague policy statements but still had nothing approaching an overall strategy to ensure that privacy protections would be at the center of the national health IT network linking providers and payers.

Sen. Daniel Akaka (D-Hawaii), who requested the investigation, noted that in the absence of real efforts by the Bush administration on privacy and as the administration lags on completing the work on IT standards generally, “more and more companies, healthcare providers and carriers are moving forward with health information technology without the necessary protections.”

Several members of Congress are drafting health IT legislation to address privacy concerns. Sen. Edward Kennedy, chairman of the Senate Health, Education, Labor and Pensions Committee, reportedly will reintroduce a wide-ranging bill that would include stronger patient-consent rules than are currently in place under the Health Insurance Portability and Accountability Act of 1996. Sen. Sam Brownback (R-Kan.) and Rep. Paul Ryan (R-Wis.) would establish health data banks in which people could store electronic copies of their medical records and maintain control over anyone else’s access to it, again in stark contrast to HIPAA, which allows widespread “data mining” by a variety of healthcare vendors.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>