A new Government Accountability Office report critical of HHS privacy policies gave additional ammunition to patient privacy advocates and to members of Congress who argue that the government is eroding privacy with its information technology promotion efforts.
The GAO, in its report released Feb. 1 said it wants HHS to define and implement an overall privacy game plan that includes key principles that address differences in states laws, the amount of health information that could be released and the individuals ability to access and amend his own records.
Members of Congress voiced similar concerns at a hearing on the report and indicated that passage of health IT legislation will continue to be stalled by privacy worries.
In its report, the GAO said it wants HHS to establish tangible milestones and measures that ensure that personal health records and the overall exchange of health information will be properly secure and protected.
While progress has been made initiating these efforts, much work remains before they are completed and the outcomes of the various efforts are integrated, said David Powner, GAOs director of IT management issues.
The implementation of new technology has moved ahead of the development of privacy and security policies under the federal governments current health IT effortsa move that could prove difficult and costly to reverse, the GAO said in its report.
Sen. George Voinovich (R-Ohio) said at the hearing that important health IT legislation had been put on hold because HHS could not issue certain regulations fast enough. And Sen. Daniel Akaka (D-Hawaii) said that although he supports health IT efforts, he remains concerned about the low level of privacy protections built into HHS plan to develop an interconnected health information network.
Privacy experts said they generally support the GAOs assessment, but others said it did not go far enough. It is fair to conclude that health privacy has not received adequate attention at HHS, that prior efforts have lacked coordination and focused on the wrong issues, and that a sense of urgency is lacking, said Mark Rothstein, director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine.
But HHS officials said they disagree with the GAO recommendations. In written comments, HHS steered the GAO to its comprehensive and integrated approach for ensuring the privacy and security of health information initiatives, according to the report.
HHS has established and is pursuing (a) deliberative, comprehensive and integrated approach to ensure the privacy and security of health information within a nationwide health IT infrastructure, said Robert Kolodner, interim national coordinator for health IT under HHS, speaking at the hearing.