When will those formulating health information technology standards at the federal level get the message that privacy is a potential deal-breaker?
If the recent flurry of events surrounding medical privacy doesnt cause officials to upload some new understanding of this reality, all of their mysterious work to create a national electronic medical-records system will founder on the shoals of public and congressional opposition. So far, the outlook isnt very robust, to borrow the favorite adjective of the interoperability crowd.
Paul Feldmans resignation as chairman of the privacy and security work group of the American Health Information Community is the data byte that should have bit them on the rear. In a letter sent around Washington, Feldman wrote that while the work groups original charge included a scope of work for a long-term independent advisory body on privacy and security policies, the panel has met infrequently and then only to focus on formulating policy based on a few case studies. Feldman, deputy director of the Health Privacy Project at Georgetown University, added that the failure to achieve a privacy framework acts as a significant barrier to a robust and secure environment for e-health.
In other words, Whatever.
Feldmans withdrawal follows on the footsteps of the second of two Government Accountability Office reports strongly criticizing the record of HHS and AHIC on privacy. The GAO found that the administration had produced some contradictory studies and vague policy statements but still had nothing approaching an overall strategy to ensure that privacy protections would be at the center of the national health IT network linking providers and payers.
Sen. Daniel Akaka (D-Hawaii), who requested the investigation, noted that in the absence of real efforts by the Bush administration on privacy and as the administration lags on completing the work on IT standards generally, more and more companies, healthcare providers and carriers are moving forward with health information technology without the necessary protections.
Several members of Congress are drafting health IT legislation to address privacy concerns. Sen. Edward Kennedy, chairman of the Senate Health, Education, Labor and Pensions Committee, reportedly will reintroduce a wide-ranging bill that would include stronger patient-consent rules than are currently in place under the Health Insurance Portability and Accountability Act of 1996. Sen. Sam Brownback (R-Kan.) and Rep. Paul Ryan (R-Wis.) would establish health data banks in which people could store electronic copies of their medical records and maintain control over anyone elses access to it, again in stark contrast to HIPAA, which allows widespread data mining by a variety of healthcare vendors.
Whether Congress actually steps up to the plate that HHS and all of its subordinate acronyms are avoiding, recent opinion polls suggest there is a lot of nervousness among Americans about the potential misuse of their records by employers and health plans, and about the recent spate of massive health IT security violations. And anecdotal evidence suggests more people are going off grid by paying privately for sensitive medical care such as mental disorders and HIV/AIDS.
Put another way, if everyone in Washington ignores the issue of medical privacy, patients actual use of their personal health records is going to be a major concern.
This is the year for Congress to get privacy right. AHIC, et al., couldnt care less.