Health IT

Privacy debate gets new urgency

As the stimulus train speeds ahead, will patient protections stay on board?

As part of its economic stimulus package, Congress seems ready to provide at least $20 billion in new spending and tax incentives to kickstart the long-standing desire to convert the nation’s health care information to digital records. But the rush to pump this money to hospitals and doctors also gives a new sense of urgency to the still-unresolved debate about how to safeguard the privacy of patients.

The House and Senate versions of the bill currently contain provisions to safeguard patient information. But privacy advocates worry that these protections could be watered down if health care industry executives push for leniency on privacy in favor of the free exchange of information. It’s the same debate that has stymied widespread adoption of electronic health records for the past several years.

“Our members are conflicted on this,” said Brian Wagner, director of government relations for the eHealth Initiative, a nonprofit group that represents a broad range of health care stakeholders. “A balance needs to be struck on what privacy and security protections are needed, while also continuing to enable exchange of information.”

Some health care industry executives warn that too much emphasis on privacy in the stimulus package might delay health information exchange.

“Patients need the peace of mind of knowing that their personal health information is protected,” said Karen Ignagni, president and chief executive officer of America’s Health Insurance Plans, a trade association of insurers. “However, if Congress enacts provisions that inhibit the secure exchange of health information, it will turn back the clock on efforts to coordinate patient care, improve health care quality, promote prevention and wellness, conduct comparative effectiveness research, and streamline health care administration.”

The $900 billion stimulus legislation includes substantial sums — approximately $20 billion in the House and $23 billion in the Senate — to go toward converting the nation to electronic health records. The House bill includes $2 billion and the Senate version $5 billion for the office of the National Coordinator for Health Information Technology to help set up a national legal and technical framework to securely exchange sensitive patient medical information. The goal is to reduce costs, eliminate duplicative treatments and improve care.

But even as Congress finds favor with health IT, doctors have been reluctant to adopt the technology. Consumers are leery of possible unauthorized release of their medical information because it might affect their jobs, credit and insurance. Former President George W. Bush aimed to create electronic health records by 2014, but progress has been slow. The most recent survey in 2007 showed only about 4 percent of the nation’s physicians use electronic records.

To speed adoption, the House and Senate stimulus bills contain roughly $18 billion each in financial incentives to physicians, in addition to an expansion and strengthening of existing privacy rules under the Health Insurance Portability and Accountability Act of 1996.

Privacy advocates have long argued that the HIPAA regulations in current form do not fully protect and secure sensitive records. The Health Information Technology for Economic and Clinical Health Act (HITECH), which was folded into the House stimulus bill, goes beyond HIPAA and contains privacy guidelines that affect how digital health data is created, accessed, stored, shared and controlled.

Privacy leaders are giving the package an initial thumbs up, but they remain wary that the protections might be diluted at the request of industry lobbyists.

“I’m still optimistic about the privacy language in the stimulus bill," said Deven McGraw, director of the health privacy project at the Center for Democracy and Technology. “I think the policy-makers realize that building consumer trust is critical to the success of health IT.”

“The HITECH Act is truly a giant step forward in protecting privacy and promoting health IT,” Dr. Deborah Peel, founder of the Patient Privacy Rights watchdog group, wrote to lawmakers Jan. 19. “We are united in our strong support for your common sense protections.”

The most critical provision is the prohibition on the sale of protected health information, Peel added. She also praised strong enforcement, breach notification, audit trail provisions and language that requires medical professionals to segment the most sensitive information with strong protections, but she worried those measures might be diluted in the final bill.

“Patient Privacy Rights urges members to fight any weakening of the provisions,” she wrote.

If the stimulus legislation now in Congress passes, at least $20 billion will become available to help convert the nation’s health care information to digital records. The Obama administration’s emphasis on health care information technology, coupled with the possible influx of funding, puts a new urgency on long-standing policy issues.

The legislation provides one example. It contains measures to safeguard the privacy of patients, but privacy advocates worry that the provisions could be watered down as the legislation moves toward passage. That could happen if health care industry executives push for leniency on privacy in favor of the free exchange of information. It could be a resumption of a long-standing and knotty debate that has stymied widespread adoption of electronic health records for the last several years.

“Our members are conflicted on this,” said Brian Wagner, director of government relations for the eHealth Initiative, a nonprofit group that represents a broad range of health care stakeholders. “A balance needs to be struck on what privacy and security protections are needed, while also continuing to enable exchange of information.”

Some health care industry executives warn that too much emphasis on privacy in the stimulus package might delay health information exchange.

“Patients need the peace of mind of knowing that their personal health information is protected,” said Karen Ignagni, president and chief executive officer of America’s Health Insurance Plans, a trade association of insurers. “However, if Congress enacts provisions that inhibit the secure exchange of health information, it will turn back the clock on efforts to coordinate patient care, improve health care quality, promote prevention and wellness, conduct comparative effectiveness research, and streamline health care administration.”

The $900 billion stimulus legislation includes substantial sums — approximately $20 billion in the House and $23 billion in the Senate — to go toward converting the nation to EHRs. The House bill includes $2 billion and the Senate version includes $5 billion for the office of the National Coordinator for Health Information Technology to help set up a national legal and technical framework to securely exchange sensitive patient medical information. The goal is to reduce costs, eliminate duplicative treatments and improve care.

But even as Congress approaches a consensus on health IT, doctors have been reluctant to adopt the technology. Consumers are leery of possible unauthorized release of their medical information because it might affect their jobs, credit and insurance. Former President George W. Bush aimed to create EHRs by 2014, but progress has been slow. The most recent survey in 2007 showed only about 4 percent of the nation’s physicians use electronic records.

To speed adoption, the House and Senate stimulus bills contain roughly $18 billion each in financial incentives to physicians, in addition to an expansion and strengthening of existing privacy rules under the Health Insurance Portability and Accountability Act of 1996.

Privacy advocates have long argued that the HIPAA regulations in current form do not fully protect and secure sensitive records. The Health Information Technology for Economic and Clinical Health Act (HITECH), which was folded into the House stimulus bill, goes beyond HIPAA and contains privacy guidelines that affect how digital health data is created, accessed, stored, shared and controlled.

Privacy leaders are giving the package an initial thumbs up, but they remain wary that the protections might be diluted at the request of industry lobbyists.

“I’m still optimistic about the privacy language in the stimulus bill," said Deven McGraw, director of the health privacy project at the Center for Democracy and Technology. “I think the policy-makers realize that building consumer trust is critical to the success of health IT.”

“The HITECH Act is truly a giant step forward in protecting privacy and promoting health IT,” Dr. Deborah Peel, founder of the Patient Privacy Rights watchdog group, wrote to lawmakers Jan. 19. “We are united in our strong support for your common sense protections.”

The most critical provision is the prohibition on the sale of protected health information, Peel added. She also praised strong enforcement, breach notification, audit trail provisions and the language that requires medical professionals to segment the most sensitive information with strong protections, but she worried those measures might be diluted in the final bill.

“Patient Privacy Rights urges members to fight any weakening of the provisions,” she wrote.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above