Report Calls for EHR Privacy Action
Bipartisan Effort Focuses on Making Most of HITECH Dollars
Much more work needs to be done to build public trust in efforts to protect the privacy and security of electronic health records and the exchange of health information, according to a new report from The Bipartisan Policy Center.
The report from the center, which was founded by former Senate majority leaders, makes six recommendations - including adequately addressing privacy and security concerns - to ensure the effective use of up to $30 billion in HITECH Act investments in healthcare IT. The HITECH Act, part of the healthcare reform package, included funding of incentives to hospitals and physicians to use EHRs. It also is helping fund development of statewide health information exchanges.
"Solidifying public trust in and support for health IT and electronic health information exchange initiatives will require assurance about the processes used to protect the privacy and security of health information," the report stresses.
Key Privacy, Security Steps
To address privacy and security issues, the report recommends federal healthcare regulators:
- Require consistent protections for personal health information. The report expresses concern that the HIPAA privacy and security rules do not apply to commercial firms that market personal health records to consumers. Regulators are way behind schedule in offering Congress a report on addressing this issue, as required under the HITECH Act.
- Issue comprehensive and clear guidance. "The administration should consistently issue comprehensive and clear guidance on compliance with federal privacy and security laws covering personal health information with reasonable and achievable implementation timelines," the report states. Some entities are reluctant to adopt electronic records and exchange information, the report notes, because of "uncertainty about how to comply with existing and new health data privacy and security laws and regulations, coupled with concerns about liability."
- Develop and implement a national strategy for accurate patient matching. The report calls for federal policymakers to work with others to implement a national strategy for accurately matching patients to their health information. This reinforces an earlier recommendation of the Privacy and Security Tiger Team, which advises federal regulators.
- Disseminate "common sense" security practices. "HHS [The Department of Health and Human Services] should encourage and support the development and widespread dissemination of basic, 'common-sense' security practices to healthcare providers, healthcare professionals and individuals and organizations working within the healthcare industry."
Overcoming Barriers
In addition to addressing privacy and security issues, the report outlines five other ways to help overcome barriers to making the most of massive federal healthcare IT investments. Some of the recommendations for getting the best return on the $30 billion investment make reference to efforts already under way at the federal level. They include:
- Better align financial incentives to reward high-quality, cost-effective care that's supported by the latest IT;
- Improve efforts to promote health information exchange, such as by developing policies and standards;
- Educate healthcare providers to use online tools to help consumers access their health information;
- Expand provider education and implementation assistance, including the development of best practices for using EHRs;
- Make sure federal health IT goals are aligned with healthcare reform efforts, such as using electronic records to support research on what treatments yield the best outcomes.