Just as the end of the Bush era is reached, there has been significant movement on the privacy front in the US.
The release and the initial reaction are covered here.
Posted: December 22, 2008 - 5:59 am EDT
HHS' release last week of several privacy and security policy documents irked privacy experts over their lack of specifics, but even when they got specific, the privacy community members didn’t much care for the details.
Take HHS Secretary Mike Leavitt’s approach to addressing privacy protection for individuals who might want to use a personal health record.
According to Dixon, breaches of policies outlined on a PHR vendor’s privacy statement are being left to enforcement as a breach of promise or a false advertising claim under the jurisdiction of the Federal Trade Commission, not the civil rights office at HHS, which is assigned to enforce healthcare privacy rules under HIPAA and can refer serious violators to the Justice Department for criminal prosecution. “We know the FTC can enforce them, but also know they’ve been enormously unsuccessful,” Dixon said. “People do not read privacy notices, and they do not understand the notices that they read.”
In April 2004, President Bush issued an executive order that created the Office of the National Coordinator for Health Information Technology and instructed it to “maintain, and direct the implementation of a strategic plan to guide the nationwide implementation of interoperable health information technology.” According to the order, the plan must “address privacy and security issues” related to that technology.
Perhaps the most controversial part of the framework, according to the privacy experts contacted, was found in the glossary, in an appendix on the final page of the document. ONCHIT and Leavitt’s advisory body, the American Health Information Community, often have used the word privacy, but have been loath heretofore to provide a definition of the key term.
But the framework finally took a stab at it, defining privacy as: “An individual’s interest in protecting his or her individually identifiable health information and the corresponding obligation of those persons and entities that participate in a network for the purposes of electronic exchange of such information, to respect those interests through fair information practices.”
Much more here:
The link to the original release is here:
and more material is found here:
Further comment is also found here:
Posted: December 23, 2008 - 5:59 am EDT
"No privacy, no peace" could be a slogan we’ll hear a lot during the 111th Congress when it convenes next year.
Members of both houses of Congress have already received a letter from a healthcare coalition warning legislators who are considering information technology booster bills against deviating from the status quo of current privacy rules and laws. Meanwhile, a privacy rights organization sent an opposing letter to House and Senate leaders asking them to insist on the restoration of privacy protections they say were eroded under the Bush administration.
Mary Grealy, president of the Washington-based Healthcare Leadership Council and the Confidentiality Coalition it organized, sent her letter warning that “we are extremely worried that some privacy provisions that have been proposed would have a negative impact on the quality and safety of our healthcare system and counteract the positive benefits of HIT and any economic stimulus effect.” The letter was addressed to House Speaker Nancy Pelosi (D-Calif.) and Senate President Harry Reid (D-Nev.) and copied to all members of Congress. Healthcare Leadership Council members include leaders of many of the major pharmaceutical manufacturers, as well as pharmacy benefits management companies, payers and a few providers.
This has been followed up by the following announcement.
The Certification Commission for Healthcare Information Technology intends to incorporate elements of the federal government’s newly announced privacy and security framework as the organization continues work on personal health record certification.
The Health and Human Services Department earlier this week issued the framework along with a privacy and security toolkit. The latter includes a draft privacy notice for personal health records. The notice has a facts-at-a-glance label that will let consumers compare the privacy policies of various PHRs.
CCHIT continues to refine draft criteria for its PHR certification program, which the commission plans to launch next year.
The privacy labeling approach helps in organizing for different types of PHR models, noted Dr. Mark Leavitt, CCHIT's chair.
PHRs are split into two main categories: linked PHRs sponsored by a health provider or plan and independent PHRs offered through companies such as Google.
CCHIT views the federal framework as providing direction.
What I see as useful here is that we have concerted, considered action and the start of real discussion about what will actually be done in the opening months of the Obama Administration. Some good preparatory work has been done which will help get things rolling.