Report Calls for EHR Privacy Action

Bipartisan Effort Focuses on Making Most of HITECH Dollars
Report Calls for EHR Privacy Action

Much more work needs to be done to build public trust in efforts to protect the privacy and security of electronic health records and the exchange of health information, according to a new report from The Bipartisan Policy Center.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

The report from the center, which was founded by former Senate majority leaders, makes six recommendations - including adequately addressing privacy and security concerns - to ensure the effective use of up to $30 billion in HITECH Act investments in healthcare IT. The HITECH Act, part of the healthcare reform package, included funding of incentives to hospitals and physicians to use EHRs.. It also is helping fund development of statewide health information exchanges.

"Solidifying public trust in and support for health IT and electronic health information exchange initiatives will require assurance about the processes used to protect the privacy and security of health information," the report stresses.

Key Privacy, Security Steps

To address privacy and security issues, the report recommends federal healthcare regulators:

  • Require consistent protections for personal health information. The report expresses concern that the HIPAA privacy and security rules do not apply to commercial firms that market personal health records to consumers. Regulators are way behind schedule in offering Congress a report on addressing this issue, as required under the HITECH Act.
  • Issue comprehensive and clear guidance. "The administration should consistently issue comprehensive and clear guidance on compliance with federal privacy and security laws covering personal health information with reasonable and achievable implementation timelines," the report states. Some entities are reluctant to adopt electronic records and exchange information, the report notes, because of "uncertainty about how to comply with existing and new health data privacy and security laws and regulations, coupled with concerns about liability."
  • Develop and implement a national strategy for accurate patient matching. The report calls for federal policymakers to work with others to implement a national strategy for accurately matching patients to their health information. This reinforces an earlier recommendation of the Privacy and Security Tiger Team, which advises federal regulators.
  • Disseminate "common sense" security practices. "HHS [The Department of Health and Human Services] should encourage and support the development and widespread dissemination of basic, 'common-sense' security practices to healthcare providers, healthcare professionals and individuals and organizations working within the healthcare industry."

Overcoming Barriers

In addition to addressing privacy and security issues, the report outlines five other ways to help overcome barriers to making the most of massive federal healthcare IT investments. Some of the recommendations for getting the best return on the $30 billion investment make reference to efforts already under way at the federal level. They include:

  • Better align financial incentives to reward high-quality, cost-effective care that's support by the latest IT.
  • Improve efforts to promote health information exchange, such as by developing policies and standards;
  • Educate healthcare providers to use online tools to help consumers access their health information;
  • Expand provider education and implementation assistance, including the development of best practices for using EHRs;
  • Make sure federal health IT goals are aligned with healthcare reform efforts, such as, for example, using electronic records to support research on what treatments yield the best outcomes.
The Bipartisan Policy Center formed a task force on delivery system reform and health IT to prepare the report. The task force included a cross-section of 24 experts representing healthcare providers, technology vendors, consumer advocates and others. Members include, for example, Robert Pearl, M.D., CEO of Kaiser Permanente; Deven McGraw, co-chair of the Privacy and Security Tiger Team; and John Glaser, CEO for health services at Siemens Healthcare. Task force co-chairs were former U.S. senators Tom Daschle and Bill Frist.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.