Blog: HIMSS seeks overarching strategy on privacy
This year, it seems, the Healthcare Information and Management Systems Society is taking a more subtle approach to lobbying for privacy and security regulation.
During its annual Health IT Week lobbying push earlier this month, HIMSS presented just three "asks" to Congress. Two dealt with privacy and security issues.
One asked legislators to study patient identification. A two-page letter from HIMSS spent a lot of verbiage discussing the history of a national patient identifier and how Congress has, since 1999, banned federal funds from being used to "promulgate or adopt" one.
Nonetheless, HIMSS is looking for wiggle room.
Its statement pondered whether studying a patient identifier is verboten, then postulated that a "lack of clear congressional intent . . . poses a huge impediment to the optimal adoption of health information exchange."
That's a slight softening of focus. In 2006, HIMSS and another organization it helped create, the National Alliance for Health Information Technology, pushed for a national patient identifier.
In another "ask" this year, HIMSS is lobbying Congress to support "harmonization" of federal and state privacy laws—again, an apparent softening of its position.
Federal pre-emption of state privacy laws was part of a 2004 health IT bill by former Rep. Nancy Johnson (R-Conn.) that HIMSS tried to get passed.
Johnson's bill died, but attempts have been made since to resurrect pre-emption.
Rich Hodge, senior director, congressional affairs for HIMSS, said this time around, the organization is stumping neither for an identifier nor for federal pre-emption.
"We now realize a unique identifier, like a Social Security number, like an enrollment number, or any other kind of number isn't technologically sufficient," Hodge said. "We're not proposing any single technology."
But, Hodge said, while HIMSS is "not discouraging a single identifier, we're not encouraging it either."
"We don't think it needs to be one solution, but an overarching strategy," he said.
Hodge also said, "We are not recommending federal pre-emption or anything like that."
But, he said, the problem of how to identify patient records persists.
"The nation is moving rapidly toward exchanging data across the country," he said. If patient records move across state lines, "Which jurisdiction or laws are applicable?"
Right now, Hodge said, exchange participants "basically take a shot in the dark and hope they get it right, or listen to their own state's rules and hope it doesn't get them in trouble someplace else."
There are, of course, several ways these problems could be resolved.
One is to find the lowest common denominator—most likely the HHS-gutted, 2002 version of the HIPAA privacy rule—and pass federal legislation pre-empting the state laws and amending the other federal laws to meet that low bar.
The other would be determine which are the most stringent of the privacy provisions in all of the several federal privacy laws and the many state laws, combine them together, and then request that all state and federal governments tighten up their laws to that level.
Which do you suppose patients would want?