The federal government will unveil a privacy and security framework in about six months, an official with the Office of the National Coordinator for Health Information Technology told attendees of the American Medical Informatics Association annual meeting Monday.
HHS has been criticized by government watchdogs, privacy advocates—and even members of its own committees working on information technology issues—for its lack of progress in setting privacy policy guidelines. In June 2006, for example, a privacy and security subcommittee of the National Committee on Vital and Health Statistics submitted a list of 26 recommendations to HHS Secretary Mike Leavitt on privacy policies needed to develop the government's proposed national health information network. The recommendations have largely gone unimplemented.
In June, then-acting ONCHIT head Robert Kolodner proposed work on a privacy framework. Kolodner listed five international privacy organizations that would serve as baseline guides for developing a national policy, but the NCVHS recommendations initially were not among them. Kolodner later instructed ONCHIT staff to take a second look at the NCVHS recommendations.
"We'll have some news in the next six months or so," said Jodi Daniel, a lawyer and the director of policy and research at ONCHIT. Under way is what Daniel described as a privacy and security "framework" made up of "high-level principals for privacy and security" that would serve as a guide to developing policy in the public and private sectors.
Today at AMIA, Leavitt will convene a meeting of his American Health Information Community, a committee of public officials and private-sector leaders to advise him on healthcare IT policy. Leavitt is transitioning AHIC to a private-sector organization before the Bush administration leaves office.
Daniel said the NCVHS today will present to AHIC the results of an ad hoc committee on the reuse of patient data gathered initially in the provision of patient care. To date, these so-called "secondary uses" of data have included being the raw materials for public health research as well as for commercial interests such as data-mining for the pharmaceutical and insurance industries. One recommendation of the report, according to several presenters at the AMIA meeting Monday, was a change in the healthcare "group speak," dropping the term "secondary use" in reference to, well, the secondary use of patient information other than for direct patient care and just refer to all uses of the data with the same language.
Daniel also gave an update on the work of a federally funded Health Information Security and Privacy Collaboration involving more than 30 states and Puerto Rico. Daniel said 14 HISPC participants have developed "solutions around consent" for use of patient data in health information exchanges, including the content of consent forms and the processes of obtaining consent.
One of the next steps for the HISPC, Daniel said, is coming up with a collaborative effort to bridge the variances in privacy laws between the states, which ONCHIT asserts present barriers to interoperability of health information technology.
What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.