Official: Panel wants privacy protection for electronic medical records

Federal advisory group also delays consent management until 2015

A federal advisory panel on patient privacy wants encryption, strong access controls and audits to protecting patients' medical records under the program advanced by the economic stimulus law, according to the co-chair of the group.

“The data will be encrypted and not set for easy access,” Steven Findlay, co-chair of the Health Information Technology Standards Committee’s Privacy and Security Workgroup, told Federal Computer Week July 23. “There will be a focus on access controls and audits.”

Under the economic stimulus law, the Obama administration and Congress are offering at least $17 billion in payments to doctors’ offices and hospitals that adopt and "meaningfully" use certified electronic health records (EHRs). Congress set up the Health IT Standards Committee to recommend standards for certification and meaningful use.

On July 21, the Policy and Security Workgroup, headed by Findlay, who is senior health policy analyst at the Consumers Union, and Dixie Baker, senior vice president of Science Applications International Corp., presented a framework of 37 technical standards to be implemented in 2011, 2013 and 2015. The presentation was made to the standards committee.

The workgroup initially surveyed available industry privacy and security standards, and determined their level of maturity, Findlay said. They suggested the schedule for implementation to roughly match the levels of maturity in the existing standards, he said.

However, a privacy advocate is raising concerns about the proposed schedule. Dr. Deborah C. Peel, founder of the Coalition for Patient Privacy, said the proposals put off implementation of consent management tools until 2015, a delay that might limit the effectiveness of the tools. The consent management tools are software and legal policies that allow patients to control access to their medical data.

Peel said consent management is one of the most urgent priorities for consumers. “The one thing that means the most to consumers is going to be delayed for five or six years,” Peel said. “This is a stunning defeat for consumer protection.”

She suggested that health IT industry members and vendors of legacy health IT systems on the standards committee are not eager to adopt consent management tools and give up control of patient data, and consumers are being left behind. “What we have are foxes designing the hen coops,” she said.

Findlay said the workgroup determined that consent management standards are not mature and likely will not be ready for implementation until 2015. “The standards do not currently exist to do the complexity of consent management that we would like to see,” he said.

Furthermore, he said, the workgroup believes that strong access controls and encryption are more important to consumers in protecting their medical data. “Consent management is not the way to achieve patient privacy,” he said.

The standards committee, which will meet August 20, is expected to forward a recommendation later this year to the Health and Human Services Department. That department is expected to publish one or more rulemakings on the health IT standards for meaningful use and certification under the economic stimulus law by year’s end.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.