Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
July 02, 2014 01:00 AM

ONC's Pritts says feds have put more muscle behind privacy protection

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Pritts

    When Joy Pritts steps down this month after 4½ years as the first chief privacy officer at the Office of the National Coordinator for Health Information Technology at HHS, she'll leave convinced the feds have put extra oomph into privacy protection.

    Pritts gave her notice last month. Her last day is July 12.

    Pritts said she came into office with a list of things to do and, looking back, accomplished quite a few of them. The highlight achievement of her tenure, she said, was to see “the change in the tone of the discussion around privacy and security.”

    “I think that it has long been voiced that it is a priority,” she said, but the feds are “putting our muscle behind it now.”

    “When the Affordable Care Act comes out, and there are paragraphs about privacy and security in health information exchange organizations, you think that's not an accomplishment? We do.”

    She also pointed to inclusion of a strong privacy statement in HHS' overall strategic plan. It says, in part, “The success of health IT and eHIE is dependent on patients' trust that their health information will be kept private and secure and that their rights with respect to this information will be respected.”

    “We've definitely and concretely put health information exchange on a path where people will no longer be able to argue that it is impossible to share information that requires special treatment,” she said.

    It was a reference to years of behind-the-scenes work at ONC and with private-sector participants developing and pilot testing standards for tagging and exchanging medical records containing particularly sensitive—and legally constrained—information, such as the medical records of patients at drug and alcohol abuse treatment centers.

    ONC and HHS have worked together to afford patients with direct access to their lab results, culminating in a rule issued in February amending the Clinical Laboratory Improvement Act and trumping regulations in 13 states.

    “One of the most important pieces of information for patients is the results of their lab tests,” Pritts said. “People will now get access to those results directly from their labs.”

    Pritts also pointed to a communication strategy for health data security. “It's a team effort here. We say everyone is responsible for security of health information, including the vendors. We, through certification criteria (under the federal EHR incentive payment program) have encouraged vendors to build in more security into their products.”

    Breach reports tell story

    Also included in providers' meaningful-use criteria under the program is a requirement that providers must attest that they have conducted a data security risk assessment. It was already a requirement under the Health Insurance Portability and Accountability Act that providers conduct risk assessments, but it wasn't getting done, Pritts noted.

    “We could tell by looking at the breach reports, it was one of the areas that really needed to be addressed,” she said.

    Providers must inform the Office for Civil Rights at HHS of health data breaches, one of numerous privacy and security requirements of the HITECH provisions of the American Recovery and Reinvestment Act of 2009, which also created the chief privacy officer position.

    By adding a risk assessment attestation requirement to the meaningful criteria, the feds reinforced, and highlighted, that it needed to be done.

    “If you draft a reg, you've done part of your job,” Pritts said. “It's also part of the government's job to communicate that out to the stakeholders.”

    Pritts was a privacy lawyer and associate professor at the Georgetown University Health Policy Institute on Feb. 18, 2010 when she named ONC's first chief privacy officer.

    For many privacy advocates, patient consent—that is, the ability of a patient to control the exchange or use of his or her medical records—is the sine qua non of privacy.

    Consent is one of the five totemic Fair Information Practices Principles of 1973 on which many privacy rules around the world are based. Consent is the definition of privacy according to a report by the National Center for Vital and Health Statistics that studied healthcare information privacy in the digital age and made recommendations about it to HHS. Patient consent would have been required for disclosure of patient information for treatment, payment and other healthcare operations had the initial final privacy rule under the HIPAA gone into effect. That rule was pre-empted by HHS in 2002, replacing consent with HHS's authorization to disclose patient information without consent for those uses.

    Since then, the restoration of patient consent has been a key objective in a trench war fought by privacy advocates. The latest battle ground over consent is the federal rule governing the records of many drug and alcohol abuse patients called 42 CFR Part 2. More stringent that HIPAA, it requires a patient's prior consent be given before their treatment records are disclosed, even for treatment or payment.

    ONC—with Pritts' involvement—oversaw multiple pilot programs to test various policies and technologies for consent management of these treatment records as well as other sensitive information similarly impacted by state privacy laws.

    Walking the walk

    The most important lesson learned from the pilots, Pritts said, was “that is possible for a behavioral healthcare provider to disclose information in accordance with 42 CFR Part 2. They can do it.”

    In a 2007 interview, after completing a report on privacy laws and practices in several foreign countries, Pritts said, "We in the U.S. like to think that we are the foundation of democracy, and you look at other countries and they give their patients a lot more choice, from a policy angle." In the seven years since, Pritts said, the U.S. has moved to close the choice gap.

    “In some ways, we the United States have leapfrogged other countries with respect to privacy. We have a breach notification requirement that is unparalleled. Our definition of what is de-identified is clearer than I've seen in any (other) statute. Enforcement wise, I don't think you'd see any other country that is more stringent that what is coming out of Office for Civil Rights. A lot of countries talk the talk but they don't walk the walk.”

    So, what's next for Pritts?

    “I plan to take a nice, long vacation,” Pritts said, then look for something else. “It's impossible to look for another position while I'm still here and still working, and I am still working. here is a whole lot going on, and I'm sure I'm going to be doing something fun.”

    Follow Joseph Conn on Twitter: @MHJConn

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Judy_Faulkner_Epic_HIMSS17_edit_i.jpg
    Epic outlines what's ahead for patient portal, Cosmos
    Cerner_fullsize_AP_i.jpg
    Cerner to pay $1.8M to resolve racial discrimination allegations
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing