Don’t bet on knowing your records’ whereabouts

Joseph Conn with ModernHealthcare.com wrote about the Health Privacy Summit in the IT Everything blog. You can read the full article here: Don’t bet on knowing your records’ whereabouts

“Do you know where your electronic health information is tonight?

Here’s a reader challenge: I’ll pay $10 to the first adult who has had at least five encounters with the private-sector healthcare system in the past 10 years to come up with a complete map of where all his or her electronic health records have traveled, who has seen them and where they are now.

I feel my money is safe in my pocket, and here’s why:

First, I’ve been covering health IT for nearly 11 years, and there is no system I know in this country that can completely track the whereabouts of someone’s electronic health information.

Second, there are no laws or incentives to induce complete tracking of a patient’s records.

And yet, patients ought to have access to just such a record map, according to health IT and privacy experts participating in the first Health Privacy Summit Monday in Washington. The daylong conference was put together by Patient Privacy Rights and the Lyndon B. Johnson School of Public Affairs at the University of Texas, Austin…”

PPR Comments on the PCAST HIT Report

The President’s Council of Advisors on Science and Technology (PCAST) weighed in on the key problems with how the Administration is building health IT systems and data exchanges. They recommend that patients be able to meta-tag data to protect privacy, that interoperability requires adoption of a common “language”, and that the goal should be a “data-centric” system for research on all health records without consent. The report recommends that HHS and CMS decide when patient data can be used for “secondary” purposes without consent.

See the full PCAST report: http://www.whitehouse.gov/blog/2010/12/08/pcast-releases-health-it-report

Patient Privacy Rights letter of comments to HHS emphasized:

  • Privacy is essential to build in up front.
  • We should not rush to deploy systems and spend billions on electronic systems and data exchanges until we know the privacy technologies PCAST recommends are adequate.
  • The recommendations for de-identifying health data were insufficient. Extensive work needs to be done to ensure that standards for de-identification actually work.

See PPR’s full comments here: http://patientprivacyrights.org/wp-content/uploads/2011/01/PCAST-comments-PPR-Final.pdf

See PPR’s written testimony here: http://patientprivacyrights.org/wp-content/uploads/2011/05/Patient-Privacy-Rights-Testimony-PCAST-WG-Feb-15-2011.pdf