Privacy Advocate Frustrated By Inertia

Tiger Team's Deven McGraw Calls for Regulatory Action

By , December 9, 2011.
Privacy Advocate Frustrated By Inertia
Read Transcript

Deven McGraw, co-chair of the Privacy and Security Tiger Team that's advising federal healthcare regulators, explains why she's frustrated by delays in rolling out new regulations to protect electronic health records and safeguard the exchange of patient information.

Widespread use of EHRs and health information exchanges has great potential to improve the quality of healthcare by making timely information available to caregivers, says McGraw, a consumer advocate. "But we're not going to get there unless we really pay attention to privacy and security issues. And that means clarity of the law, which requires the release of the regulations we've been waiting for ... and enforcing the laws better."

McGraw recently testified before a Senate subcommittee, expressing her dismay about delays in issuing long-overdue final versions of regulations to modify the Health Insurance Portability and Accountability Act's privacy and security provisions and finalize the HIPAA breach notification rule (see: HIPAA Updates: What's the Hold Up?).

In an interview with HealthcareInfoSecurity, she says it remains unclear when an omnibus package of regulations, including the HIPAA updates, will be completed. "It's really going to require a commitment from both the Department of Health and Human Services and the administration to expeditiously get this stuff out," she says. "We know that when something is a priority for them, they can do it."

The Tiger Team has made a long list of privacy and security recommendations to the Health IT Policy Committee, which advises HHS. But before the team works on new projects, McGraw would like to see HHS take action on implementing the proposals the group already has made.

"I personally feel that we have given them a lot of good recommendations over the past year and few of them have been acted on yet," she says. "My own view is that I'm a little bit reluctant to spend my own time, quite frankly, and the time of other people to continue to add to the pile until we get a sense of what HHS is willing to do. ..."

Regulations Pending

McGraw expects many of the team's recommendations, such as those regarding obtaining patient consent to exchange data, to wind up in the proposed Nationwide Health Information Network governance rule, which will provide guidelines for health information exchange. She says that rule is likely to come out by next spring at about the same time as proposed rules for Stage 2 of the HITECH Act electronic health record incentive program. The EHR incentive rules likely also will incorporate some Tiger Team proposals, McGraw notes. For example, the team has recommended that EHRs provide patients with the ability to download records.

"If those rules came out as a package, particularly if they are actually consistent in terms of the expectations that were set, that would be ideal," McGraw says.

Once the NwHIN governance rule is issued, members of the Tiger Team will "have a better picture of what we might need to do going forward," she ads.

2012 Activity

In the interview, McGraw also:

  • Discusses whether the departure of Donald Berwick, M.D., from the leadership post at the Centers for Medicare and Medicaid Services will have an impact on privacy and security issues;
  • Predicts that Congress, despite pressures to slash the federal budget, will not cut any unspent HITECH Act funding for electronic health record incentives because it would be "politically very difficult for Congress to take those incentives off the table." She says that's because the incentives amount to "reimbursement for money that many providers have already spent" to implement EHRs in anticipation of receiving the HITECH payments.

The interview took place at the American Conference Institute's Healthcare Information Privacy and Security Forum in Philadelphia, where McGraw was co-chair.

An attorney, McGraw is director of the health privacy project at the Center for Democracy & Technology, a Washington-based, not-for-profit civil liberties organization. She focuses on developing and promoting policies that ensure the privacy of personal health information that is electronically shared.

Follow Howard Anderson on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Online Identity: The Legal Questions

The more organizations structure business and processes around online identities, the more they...

Latest Tweets and Mentions

ARTICLE Online Identity: The Legal Questions

The more organizations structure business and processes around online identities, the more they...

The ISMG Network