The following appeared a few days ago.
For immediate release:
January 17, 2009
Brock N Meeks, CDT
(202) 637-9800 ex. 114
(703) 989-3547 (CELL)
Washington -- CDT applauds Congress for including critical privacy and security protections in the health information technology (health IT) portions of the American Recovery and Reinvestment Act of 2009, the proposed economic recovery bill.
"Now is the critical time for addressing privacy," said Deven McGraw, director of the Health Privacy Project at CDT. "Restoring public trust after it has been undermined by a high-profile privacy violation is far more difficult, and more expensive, than building it into the design of health IT systems from the beginning," McGraw said. "Ensuring adequate privacy and security protections for electronic health information will help facilitate the widespread adoption of health IT."
The bill's privacy provisions include the following:
- Stronger protections against the use of personal health information for marketing purposes;
- Accountability for all entities that handle personal health information;
- A federal, individual right to be notified in the event of a breach of identifiable health information;
- Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes;
- Development and implementation of federal privacy and security protections for personal health records;
- Easy access by patients to electronic copies of their records; and
- Strengthened enforcement of health privacy rules.
The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.
Surveys show a majority of Americans support greater use of health IT. At the same time, consumers have significant privacy concerns about putting their medical records online. Providing a comprehensive framework of privacy and security protections for electronic personal health information is critical for building public trust in a nationwide health IT system.
Senate testimony from the Government Accountability Office last week underscored the need for privacy, noting that "a robust approach to privacy protection is essential to establish the high degree of public confidence and trust needed to encourage widespread adoption of health IT and particularly electronic medical records."
"An interconnected health system is possible only if there are sufficient protections in place for privacy and security," said Leslie Harris, President and CEO of the Center for Democracy & Technology. "It is critical that privacy provisions remain in this legislation as it moves forward. We look forward to working with Congress and the Administration to ensure we have a comprehensive privacy and security policy framework in place to protect personal health information."
The release is found here:
I have to say each of the seven bullet points could equally be popped into an Act of the Australian Parliament and make a considerable difference as well.
While they are at it they could also set a uniform approach to Health Information Privacy that would be enforceable nationwide and ensure that the rights of all the less powerful and influential are properly protected. Right now we have a state-by-state patchwork which includes nonsense such as permitting consent to be obtained on an ‘opt-out’ basis in the NSW Healthelink trial.
It is important to keep an eye on the following site in the next few months.
This is because we must be getting close to the time when the outcome of the Australian Law Reform Commission’s Review of the Federal Privacy Act is finalised. The ALRC's review of privacy was handed to Government on 31 May 2008 and to date I have not seen the government response.
For those interested, it is worth noting that short final submissions to Government identifying any perceived problems or gaps with the ALRC's recommendations in relation to the UPPs or credit provisions can be lodged up until the end of January 2009.
The Government response can’t be far off now! It will be interesting to see how many of the issues raised above are properly addressed.
p.s. This is the 700th post on the blog. Bets taken on when we will reach 1000 with e-health still not properly addressed!