Tuesday, February 03, 2009

A Press Release On Health Information Privacy Worth Noting.

The following appeared a few days ago.

For immediate release:
January 17, 2009

Contact:
Brock N Meeks, CDT
(202) 637-9800 ex. 114
(703) 989-3547 (CELL)

CDT Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill

Washington -- CDT applauds Congress for including critical privacy and security protections in the health information technology (health IT) portions of the American Recovery and Reinvestment Act of 2009, the proposed economic recovery bill.

"Now is the critical time for addressing privacy," said Deven McGraw, director of the Health Privacy Project at CDT. "Restoring public trust after it has been undermined by a high profile privacy violation, is far more difficult, and more expensive, than building it into the design of health IT systems from the beginning," McGraw said. "Ensuring adequate privacy and security protections for electronic health information will help facilitate the widespread adoption of health IT."

The bill's privacy provisions include the following:

  • Stronger protections against the use of personal heath information for marketing purposes;
  • Accountability for all entities that handle personal health information;
  • A federal, individual right to be notified in the event of a breach of identifiable health information;
  • Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes;
  • Development and implementation of federal privacy and security protections for personal health records;
  • Easy access by patients to electronic copies of their records; and
  • Strengthened enforcement of health privacy rules.

The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.

Surveys show a majority of Americans support greater use of health IT. At the same time, consumers have significant privacy concerns about putting their medical records online. Providing a comprehensive framework of privacy and security protections for electronic personal health information is critical for building public trust in a nationwide health IT system.

Senate testimony from the Government Accountability Office last week underscored the need for privacy noting that, "a robust approach to privacy protection is essential to establish the high degree of public confidence and trust needed to encourage widespread adoption of health IT and particularly electronic medical records."

"An interconnected health system is possible only if there are sufficient protections in place for privacy and security," said Leslie Harris, President and CEO of the Center for Democracy & Technology. "It is critical that privacy provisions remain in this legislation as it moves forward. We look forward to working with Congress and the Administration to ensure we have a comprehensive privacy and security policy framework in place to protect personal health information."

The release is found here:

http://cdt.org/press/20090117press.php

I have to say each of the seven bullet points could equally be popped into an Act of the Australian Parliament and make a considerable difference as well.

While they are at it they could also set a uniform approach to Health Information Privacy that would be enforceable nationwide and ensure that the rights of all the less powerful and influential are properly protected. Right now we have a state by state patchwork which includes nonsense such a permitting consent to be obtained on an ‘opt-out’ basis in the NSW Healthelink trail.

It is important to keep an eye on the following site in the next few months.

http://www.privacy.gov.au/health/index.html

This is because we must be getting close to the time when the outcome of the Australian Law Reform Commission’s Review of the Federal Privacy Act is finalised. The ALRC's review of privacy was handed to Government on 31 May 2008 and to date I have not seen the government response.

For those interested it is worth noting Short final submissions to Government identifying any perceived problems or gaps with the ALRC's recommendations in relation to the UPPs or credit provisions can be lodged up until the end of January 2009.

The Government response can’t be far off now! It will be interesting to see how many of the issues raised above are properly addressed.

David.

p.s. This is the 700th post on the blog. Bets taken on when we will reach 1000 with e-health still not properly addressed!

D.


2 comments:

  1. Some decision makers will have noticed that "Google crash" a couple days back that was caused by a programmers errant /. It's just another nail in the coffin of massive centralised databases that put at risk any highly confidential information on citizens' personal details.
    But we need digital records of specific events and measures that are required for public health and research. There's no reason why the structures that hold essential data cannot include the level of redundancies, conservation, feedback and auto-correction that's built into the genetic code.
    The trouble with such a scheme is that it would be over-engineered to blazes, and therefore very expensive and not profitable and so of no use to any half-decent business model.

    ReplyDelete
  2. You know the bureaucrats are busy protecting their jobs. It is in their interests to string this process of security and ehealth development out as long as they can. It is also in their interests to have the states acting out of synch. and to have multiple projects scattered far and wide to manage. This gives them a purpose for being. I've had enough experience working inside the bureaucracy at various levels to know how true this is.

    ReplyDelete