What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

Close

Official: Panel wants privacy protection for electronic medical records

Federal advisory group also delays consent management until 2015

A federal advisory panel on patient privacy wants encryption, strong access controls and audits to protecting patients' medical records under the program advanced by the economic stimulus law, according to the co-chair of the group.

“The data will be encrypted and not set for easy access,” Steven Findlay, co-chair of the Health Information Technology Standards Committee’s Privacy and Security Workgroup, told Federal Computer Week July 23. “There will be a focus on access controls and audits.”

Under the economic stimulus law, the Obama administration and Congress are offering at least $17 billion in payments to doctors’ offices and hospitals that adopt and "meaningfully" use certified electronic health records (EHRs). Congress set up the Health IT Standards Committee to recommend standards for certification and meaningful use.

On July 21, the Policy and Security Workgroup, headed by Findlay, who is senior health policy analyst at the Consumers Union, and Dixie Baker, senior vice president of Science Applications International Corp., presented a framework of 37 technical standards to be implemented in 2011, 2013 and 2015. The presentation was made to the standards committee.

The workgroup initially surveyed available industry privacy and security standards, and determined their level of maturity, Findlay said. They suggested the schedule for implementation to roughly match the levels of maturity in the existing standards, he said.

However, a privacy advocate is raising concerns about the proposed schedule. Dr. Deborah C. Peel, founder of the Coalition for Patient Privacy, said the proposals put off implementation of consent management tools until 2015, a delay that might limit the effectiveness of the tools. The consent management tools are software and legal policies that allow patients to control access to their medical data.

Peel said consent management is one of the most urgent priorities for consumers. “The one thing that means the most to consumers is going to be delayed for five or six years,” Peel said. “This is a stunning defeat for consumer protection.”

She suggested that health IT industry members and vendors of legacy health IT systems on the standards committee are not eager to adopt consent management tools and give up control of patient data, and consumers are being left behind. “What we have are foxes designing the hen coops,” she said.

Findlay said the workgroup determined that consent management standards are not mature and likely will not be ready for implementation until 2015. “The standards do not currently exist to do the complexity of consent management that we would like to see,” he said.

Furthermore, he said, the workgroup believes that strong access controls and encryption are more important to consumers in protecting their medical data. “Consent management is not the way to achieve patient privacy,” he said.

The standards committee, which will meet August 20, is expected to forward a recommendation later this year to the Health and Human Services Department. That department is expected to publish one or more rulemakings on the health IT standards for meaningful use and certification under the economic stimulus law by year’s end.

About the Author

Alice Lipowicz is a staff writer for Federal Computer Week.

Reader comments

Fri, Oct 30, 2009 Reza Bayat Iran

Hi my name is reza bayat , I have mind control in my body , if you have any product to save me agaist this terrorist , please contact me : rezabayat3000@yahoo.com or 0098-21-88005678 I am looking to buy . best regards

Sun, Aug 23, 2009 MLCorbett MD

The only policy that will protect patient privacy and allow the wide utilization of accurate EMRs is that the patient has control over both the content of their EMR and who has access to it. Audits and encryption will not suffice.

Sat, Jul 25, 2009 Brian Ahier The Dalles, Oregon

If you missed the HIT STandards meeting I have posted the rough draft transcript and meeting materials: http://ahier.wordpress.com/2009/07/21/transcript-721-hit-standards-mtg/

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

eSeminar

  • Where Cyberwarfare and Cybersecurity Meet

    We invite you to attend the third event in this three-part series on Cybersecurity. 1105 Government Information Group will present a panel of government and cybersecurity experts including Gregory T. Garcia, the nation's first presidentially-appointed Assistant Secretary for CyberSecurity and Communications with the U.S. Department of Homeland Security, 2006-2008; and Jeffrey Carr, cyber strategies consultant and author of Inside Cyber Warfare, in this editorial webcast on Tuesday, April 13 at 11 a.m., where they will discuss the cyberwarfare threat to both industry and government, as well as strategies to consolidate the wider cybersecurity mission. Read more

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.

Highlights from the current issue