Quote Of The Year

Quote Of The Year - Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"

Wednesday, January 07, 2009

The US Issues Updated Health Information Privacy Framework.

Just as the end of the Bush era is reached there has been significant movement on the privacy front in the US.

The release and the initial reaction is covered here.

Watchdogs take HHS policy privacy definition to task

By: Joseph Conn / HITS staff writer

Posted: December 22, 2008 - 5:59 am EDT

HHS' release last week of several privacy and security policy documents irked privacy experts over their lack of specifics, but even when they got specific, the privacy community members didn’t much care for the details.

Take HHS Secretary Mike Leavitt’s approach to addressing privacy protection for individuals who might want to use a personal health record.

Leavitt, delivering the keynote address at a national forum in Washington on the proposed national health information network, spoke at length about PHRs, so much so that several individuals who heard his speech concluded, incorrectly, all the privacy policy documents released that day applied only to PHRs. Leavitt introduced what he dubbed the “Leavitt Label,” a template that PHR vendors could use to provide plain-language guidance to patients about PHRs and the privacy policies of their vendors.

Pam Dixon, the executive director of the San Diego-based World Privacy Forum, said she had problems with Leavitt’s PHR approach. Dixon said she had hoped Leavitt would expand the scope of the privacy rule written by HHS under the 1996 Health Insurance Portability and Accountability Act to include all users of PHRs, but that was not the case. The PHR policy Leavitt outlined has no teeth, and amounts to no more than “a privacy policy posted on a Web site,” she said. “There is no one to enforce this, without regulation, to say the privacy policy has to say the truth.”

According to Dixon, breaches of policies outlined on a PHR vendor’s privacy statement are being left to enforcement as a breach of promise or a false advertising claim under the jurisdiction of the Federal Trade Commission, not the civil rights office at HHS, which is assigned to enforce healthcare privacy rules under HIPAA and can refer serious violators to the Justice Department for criminal prosecution. “We know the FTC can enforce them, but also know they’ve been enormously unsuccessful,” Dixon said. People do not read privacy notices, and they do not understand the notices that they read.”

In April 2004, President Bush issued an executive order that created the Office of the National Coordinator for Health Information Technology and instructed it to "maintain, and direct the implementation of a strategic plan to guide the nationwide implementation of interoperable health information technology.” According to the order, the plan must “address privacy and security issues” related to that technology.

HHS released that plan in June, said Jodi Daniel, the director of policy and research at ONCHIT at HHS, who coordinated the work on the privacy policy framework released last week. A new privacy and security framework also released Dec. 15 addresses two privacy and security strategies in that broader national IT plan, she said.

Perhaps the most controversial part of the framework, according to the privacy experts contacted, was found in the glossary, in an appendix on the final page of the document. ONCHIT and Leavitt’s advisory body, the American Health Information Community, often have used the word privacy, but have been loath heretofore to provide a definition of the key term.

But the framework finally took a stab at it, defining privacy as: “An individual’s interest in protecting his or her individually identifiable health information and the corresponding obligation of those persons and entities that participate in a network for the purposes of electronic exchange of such information, to respect those interests through fair information practices.”

Much more here:


The link to the original release is here:


and more material is found here:


Further comment is also found here:


Opposing privacy views aired in letters to Congress

By: Joseph Conn / HITS staff writer

Posted: December 23, 2008 - 5:59 am EDT

"No privacy, no peace" could be a slogan we’ll hear a lot during the 111th Congress when it convenes next year.

Members of both houses of Congress have already received a letter from a healthcare coalition warning legislators who are considering information technology booster bills against deviating from the status quo of current privacy rules and laws. Meanwhile, a privacy rights organization sent an opposing letter to House and Senate leaders asking them to insist on the restoration of privacy protections they say were eroded under the Bush administration.

Mary Grealy, president of the Washington-based Healthcare Leadership Council and the Confidentiality Coalition it organized, sent her letter warning that “we are extremely worried that some privacy provisions that have been proposed would have a negative impact on the quality and safety of our healthcare system and counteract the positive benefits of HIT and any economic stimulus effect.” The letter was addressed to House Speaker Nancy Pelosi (D-Calif.) and Senate President Harry Reid (D-Nev.) and copied to all members of Congress. Healthcare Leadership Council members include leaders of many of the major pharmaceutical manufacturers, as well as pharmacy benefits management companies, payers and a few providers.

This has been followed up by the following announcement.

Health IT certification group to embrace PHR privacy labeling

By John Moore

Published on December 19, 2008

The Certification Commission for Healthcare Information Technology intends to incorporate elements of the federal government’s newly announced privacy and security framework as the organization continues work on personal health record certification.

The Health and Human Services Department earlier this week issued the framework along with a privacy and security toolkit. The latter includes a draft privacy notice for personal health records. The notice has a facts-at-a-glance label that will let consumers compare the privacy policies of various PHRs.

CCHIT continues to refine draft criteria for its PHR certification program, which the commission plans to launch next year.

The privacy labeling approach helps in organizing for different types of PHR models, noted Dr. Mark Leavitt, CCHIT's chair.

PHRs are split into two main categories: linked PHRs sponsored by a health provider or plan and independent PHRs offered through companies such as Google.

CCHIT views the federal framework as providing direction.

More here:


What I see as useful here is that we have concerted considered action and the start of real discussion about what will actually be done in the opening months of the Obama Administration. Some good preparatory has been done which will help get things rolling.


No comments: