'08 Tech Policy Outlook: Health Privacy and Health IT
A policy goal – like privacy protections – that has been tried repeatedly over the last few years has been legislation or other efforts to encourage the adoption of health information technology. Previous attempts have stalled somewhere in the halls of Congress, and the most recent health legislation – HIPAA – the Health Insurance Portability and Acountability Act has prompted criticism from some that the bill overregulates and from others that health privacy is at risk. This year there are two bills that legislators will try and navigate through Congress that stand the best chance of becoming law. There will no doubt be others, but the two I will discuss below have already attracted the attention of those groups interested in health privacy and health information technology (like with many other issues, privacy is a factor in health information technology).
The Wired Act, S 1693, sponsored by Senator Kennedy (D-MA) and co-sponsored by 12 other senators (including the two Democratic presidential contenders), was introduced last year and has been approved by the Senate Health, Education, Labor and Pensions Committee. Its focus is on health information technology. The bill, in its current form (which is available online), would do the following (among other things):
- Writes into law the Office of the National Coordinator for Health Information Technology. This office, established by executive order in 2004, is responsible for expanding the use of health information technology, with special attention to services for chronic disease and pain, as well as communities with health disparities.
- Creates two advisory bodies – one a public-private partnership – to advise the Coordinator and the Secretary of Health and Human Services (HHS) on health IT standards and infrastructure.
- Requires the HHS Secretary to contract with private organizations for the storage of federal health data. These organizations must then develop research and reports on performance based on this information.
- Provides money through grants or loans to help other entities implement health IT.
- Designates a single organization to promote the development and use of quality measures for health care received by patients.
- Extends HIPAA level privacy protections to health information databases (those who feel HIPAA has undermined privacy are not pleased with this provision).
- Requests the Government Accountability Office to study when people should be notified that their records have been improperly disclosed.
A review of previous posts we’ve made on Health IT reflects the difficulty of successfully passing legislation on this subject. If Markey’s bill emerges from the four committees that are assigned to it, it must then be reconciled with the Senate legislation. The major challenge there will likely be with the differences in privacy provisions. This may well take all year. What is unclear – as with any speculation about the future – is what special events my prompt (in)action on this topic. The recent decision by Google to test a medical record storage system may be such a special event.