The most vexing issue surrounding the creation of a national electronic healthcare network is the privacy, confidentiality and security of personal health information.
To be sure, the technical and financial challenges are no cakewalk. But almost everyone involved in this effort now believes that, in time, the information technology wizards will find a way to make everything sync together (termed interoperability in IT-speak), and that the financial obstacles will be overcome as well. Whats not so clear is whether privacy policies and consumer protections will be established in time to engender consumers trust and widespread participation.
Even today, with our paper-based system, that trust is spotty. Millions of Americans perceive no self-interest, let alone a national public health interest, in sharing their health information. A sizable percentage of people who see mental health providers, for example, pay out-of-pocket for care and drugs, and request that any track record of that care be closely guarded. Thousands of people still get HIV and other sexually transmitted disease tests off the grid.
Any inkling of exposure that threatens personal embarrassment, job security, or the ability to obtain health or life insurance, and the envisioned national health information network could face a large-scale boycott and suboptimal functioningif not outright failure.
Too little is being done to resolve this problem. Although everyone from HHS Secretary Mike Leavitt on down pays frequent lip service to medical records privacy, theres a disconnect between the rhetoric and the reality.
For example, the American Health Information Community, the high-level commission Leavitt set up in 2005 to advise him on health IT issues, mostly punted on privacy and security, even though it was specifically charged with integrating privacy and confidentiality into the fabric of its activities. Making no real progress on the issue after a year, however, AHIC in August 2006 was compelled to create a separate work group to grapple with privacy.
After initial meetings, that work group is now grumbling. Several of its members say their chargeto address privacy as it relates to each of three use cases, or real-world scenariosis too narrow. They want a broader approach.
Similarly, the AHIC-affiliated organization established to harmonize health IT standards has been constrained to the consideration of transactions relevant to the three use cases. The group issued an initial batch of standards in November 2006. None of them dealt with the privacy or security of electronic health records.
Mind you, all of this is going on even as large insurers and employers have announced major initiatives to kick-start both EHRs and personal health records.