PPR was deeply saddened by the loss of one of our greatest privacy heroes, Mr. Alan F. Westin, the “father of modern day privacy” and the nation’s most respected academic authority on public attitudes toward health privacy. We are grateful to have had the opportunity to honor him and his tremendous work as one of PPR’s first Louis D. Brandeis Privacy Award recipients in 2012. He truly was a remarkable man whom we will miss dearly, though we know the extraordinary contributions he made to the field of privacy law are everlasting.
This story, by Joseph Conn with Modern Healthcare, quotes Patient Privacy Rights, Dr. Blumenthal the National Coordinator for Health IT, and many others, all calling for meaningful consent and privacy.
See these great quotes from Alan Westin:
- the removal of consent from HIPAA by federal rulemakers in 2002 “left us high and dry,” but with the improvements to HIPAA in the stimulus law, “I think the raw materials for excellence are there.”
- Privacy protection will depend again on HHS rulemakers, however, he says. (A proposed privacy rule addressing HIPAA modifications from the stimulus law was released by HHS in July, but a final rule is pending.) If it’s not addressed, Westin says, don’t be surprised if there is consumer backlash.
- “I think we’re at a pivotal moment,” Westin says, given the massive inflows of federal IT subsidies about to begin. “Just imagine a lawsuit as a class action with all the people who would otherwise be swept into a network saying, ‘I did not give my consent,’ and asking the court to intervene.”
- he sees “a dangerous trend” developing in healthcare IT in which patients are regarded as “inert data elements, not conscious persons” who have the right to make informed choices regarding “how their health information is used beyond the direct care settings.”
- “You have to have privacy orienting systems at the design,” he says. “If the plumbing all gets in, it’s going to be very costly to tear it down and change it.”
Below are a few sections of the article. To see the full article, follow this link to Modern Healthcare.
Is the primary federal privacy law up to the task of protecting patient information in the 21st century?
It’s a question we put to opinion leaders in the legal, research, policy, ethics, provider and technology fields within the healthcare privacy community. It comes as hospitals and office-based physicians ramp up adoption of electronic health-record systems and join information exchanges to qualify for their share of the $27 billion in federal information technology subsidy payments available under the American Recovery and Reinvestment Act of 2009, also known as the stimulus law…
…A new challenge will be to regulate against the abuse of data outside the scope of HIPAA. “You encounter personal health records, where people put their health information on a cell phone, or on Google and Microsoft, and Google and Microsoft are not covered entities. We need to figure out what the privacy framework is for personal health records and other sharing of personal information.”
Deborah Peel is the practicing psychiatrist who founded the Patient Privacy Rights Foundation in Austin, Texas. To Peel, the HIPAA paradigm is obsolete and inadequate and needs to be replaced.
“You can’t draw a fence around who has sensitive health information,” Peel says. “It might have made sense 20 years ago, but it is a model that doesn’t fit the realities of today. It’s based on an anachronistic view of the healthcare system, as if it’s totally separate from everything else in business and in life, and if technology has taught us anything, it’s that that’s not effective.”
Peel also says the 42 CFR Part 2 framework should be applied to all patient data. “Healthcare information, because of the Internet, is everywhere; therefore, the protections must follow the data,” she says. “If we don’t say a damn word about social media and websites and the rest, we lose because that information is out there in all of those places.”