Some agencies of the federal government earn praise from patient privacy advocate Dr. Deborah Peel; for others, it's reproach.
Peel, a psychiatrist, puts great store in patient control over the sharing of their personal information, considering it the sine qua non of privacy rights. Not surprisingly, the chief healthcare information technology rulemaker, HHS, comes up short in her view.
In 2002, HHS redrafted the privacy rule of the Health Insurance Portability and Accountability Act, replacing its patient consent requirement for the sharing of most patient records with a new provision. The rewrite afforded “regulatory permission,” according to the rule, for hospitals, physicians, insurance companies, pharmacies, claims clearinghouses and other HIPAA-covered entities to use and disclose patient data for treatment, payment and a long list of other healthcare operations without patient consent.
“Let's face it,” Peel says, “HHS is the agency that eliminated patient control over electronic medical records and has remained hostile to patients' rights ever since.”
Days before the 2002 revision went into effect, a group of patients calling themselves Citizens for Health, and more than dozen other plaintiffs, including Peel, sued HHS Secretary Tommy Thompson in federal court, alleging the revisions violated patients' constitutional rights to privacy. They lost at both the trial and appeals-court levels and were denied a hearing on appeal to the U.S. Supreme Court in 2006.
Peel launched the not-for-profit Patient Privacy Rights Foundation in 2003.
She and her fledgling organization lobbied in 2006 against legislation offered by then-Rep. Nancy Johnson (R-Conn.) that the health IT industry strongly supported. Johnson's bill would have pre-empted “barriers” to health information technology in state privacy laws, which are often more stringent than those in HIPAA.
Federal pre-emption was stripped from the bill in committee and it died. Soon after, Johnson lost her seat.
“Where I'm coming from is, I've spent all this time in a profession with people being hurt,” Peel says. “Starting in the 1970s, when I first let out my shingle, people came to me and said, if I paid you in cash, would you keep my records private. Now, we've got a situation where you don't even know where all your records are. We don't have a chain of custody for our data, or have a data map” to track its location.
In 2010, Peel pushed for a hearing by the privacy and security subcommittee of the federally chartered Health IT Policy Committee to showcase the wares of developers of cutting-edge consent management software such as the Veterans Affairs Department and the National Data Infrastructure Improvement Consortium. The aim was to trump privacy opponents who had argued privacy-protecting technology didn't exist or wasn't feasible.
In a new effort, Peel's foundation is co-hosting with the O'Neill Institute for National and Global Health Law at Georgetown University the 3rd International Summit on the Future of Health Privacy set for June 5-6.
“I think I am an iconoclast and a critic, but I'm very, very interested in solutions, too,” Peel says. “I'm promoting meaningful solutions and the kind of open and honest debate that will lead to them.”