Groups Push for Health IT Privacy Safeguards
U.S. lawmakers need to make sure privacy safeguards are in place before pushing electronic health records on the public, senators and witnesses at a hearing said.
Health IT improvements are needed to improve the quality and efficiency of health care in the U.S., but patients might be wary of electronic health records without strong privacy safeguards built in, Senator Patrick Leahy, a Vermont Democrat, said during a Senate Judiciary Committee hearing Tuesday.
"If you don't have adequate safeguards to protect privacy, many Americans aren't going to seek medical treatment," Leahy said. "Health-care providers who think there's a privacy risk ... are going to see that as inconsistent with their professional obligations, and they won't want to participate."
A US$825 billion economic stimulus package, called the American Recovery and Reinvestment Act, includes $20 billion targeted toward health IT efforts. The bill, which could come before the full House this week, establishes an Office of the National Coordinator for Health Information Technology, with the duty of driving health IT standards.
The bill would also create a national health IT research center and a series of health IT extension centers to help health-care providers and patients adopt electronic health records (EHRs). It would fund grant programs to help health-care providers adopt health IT and EHRs.
The bill would also provide EHR incentive payments to health-care professionals, with a $15,000 payment if EHRs are adopted in the first year and declining payments after that. Hospitals would also receive incentive payments.
The bill includes several privacy provisions. It extends privacy requirements to business associates of health-care providers, and it requires the U.S. Department of Health and Human Services to put out annual guidance on the most effective privacy safeguards. The bill also requires health-care providers to notify customers of any security breaches.
Microsoft, which has its own EHR product, sees the necessity of building in security, said Michael Stokes, principal program managers in the company's Health Solutions Group. "Health data is often considered more sensitive than other personally identifiable information," he said. "If health data is stolen or lost, it is not simply a matter of recovering financial assets. It can impact an individual's employment, ability to receive health care and social standing."
The stimulus package is a great opportunity to push health IT and health reform, said Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology. "It will help us create the information superhighway for health, that will improve health-care quality and engage more consumers in their care," she said to the Judiciary Committee.
While U.S. residents support a push toward greater use of IT in health care, they remain concerned about potential privacy problems, McGraw added. "Building trust in these systems is absolutely critical to realizing the benefits of this technology," she added.
Lawmakers need to balance privacy with the benefits that health IT can provide, said David Merritt, project director at the Center for Health Transformation and the Gingrich Group. "Privacy cannot be compromised, but neither can we compromise progress in pulling our health-care system out of the technological Stone Age," Merritt said. "We need to find the right balance between privacy at all costs and progress at any cost."
But privacy and progress don't have to conflict, McGraw said. Privacy is "not an obstacle; in fact, the opposite is true," she said. "Enhanced privacy and security developed in health IT will bolster consumer trust."
Whatever privacy and security safeguards are put in place, they will have to change as the industry develops, added James Hester, director of the Vermont Health Care Reform Commission. "The balance point is not static; it will evolve," he said. "We fully expect that the implementation of the initial privacy policies in the growing set of pilot health IT initiatives will teach us important lessons in the next couple of years."