Official: Don’t Reinvent the Wheel As National IT Network Progresses

Sounding more like a defensive parent whose child was under attack than a self-described “distant bureaucrat,” Sue McAndrew had a message to deliver to the audience of the 14th National HIPAA Summit last week in Washington D.C. McAndrew, who said she has worked on privacy issues for HHS’s Office for Civil Rights (OCR) under the Department of Health and Human Services since 2000, was recently named OCR’s deputy director for health information privacy.

Her speech, she said, marked the first time she had appeared at a health information technology (HIT) conference. OCR is the agency that enforces the privacy rule.

And she clearly had a bone to pick with the minions serving on the plethora of government advisory committees, and those wonky industry folks who are grappling with privacy implications of the nationwide health information network (NHIN).

“One of the things we hear a lot about, and I would like to take off the table right from the top, is that fact that the HIPAA privacy rule is irrelevant to this effort because it was only designed to operate in a paper system,” McAndrew said.

Then, pausing for effect, she added, “I mean, DUH!”

“HIPAA was all about automating and moving the industry into an electronic world,” she said, sounding exasperated. “HIPAA is relevant, and HIPAA has a lot of the balances [that] were designed with HIT in mind.”

{Susan McAndrew, deputy director for health information privacy in the Office for Civil Rights (OCR) in HHS, states that “communities” should come together to decide what fundamental privacy rights consumers should have in electronic systems, such as whether consumers should have the right of consent, the right to opt-in or opt-out and the “minimum necessary” information that should be disclosed to process insurance claims. Marilou King, acting senior advisor for privacy compliance and enforcement at OCR, then said that the secretary of HHS would be the one to decide whether to allow an opt-in or opt-out option. Their comments reflect the grossly improper abrogation of Americans’ fundamental privacy rights by unelected federal officials. Only Congress has the power to amend the medical privacy rights citizens have had in state law, common law, Constitutional law, the physician-patient privilege and medical ethics for centuries. Their comments are similar to positions taken by Secretaries Thompson and Leavitt of the U.S. Dept. of Health and Human Services (HHS). HHS stripped Americans of the right to control access to their electronic medical records in 2002. HHS Secretary Leavitt continues to improperly delegate the authority to determine our privacy rights to various public/private industry panels such as AHIC, NCVHS, CCHIT, HITSP, etc. HHS and OCR have no authority to eliminate or amend our fundamental privacy rights—only Congress has the power to decide what privacy rights Americans should have in electronic systems. ~ Dr. Deborah Peel, Patient Privacy Rights}

Leave a Reply

Your email address will not be published. Required fields are marked *