’08 Tech Policy Outlook: Health Privacy and Health IT

A policy goal that, like privacy protections, has been attempted repeatedly over the last few years is legislation or other efforts to encourage the adoption of health information technology. Previous attempts have stalled somewhere in the halls of Congress, and the most recent health legislation, HIPAA (the Health Insurance Portability and Accountability Act), has prompted criticism from some that the bill overregulates and from others that health privacy is at risk. This year there are two bills that legislators will try to navigate through Congress that stand the best chance of becoming law. There will no doubt be others, but the two I will discuss below have already attracted the attention of those groups interested in health privacy and health information technology (as with many other issues, privacy is a factor in health information technology).

The Wired Act, S 1693, sponsored by Senator Kennedy (D-MA) and co-sponsored by 12 other senators (including the two Democratic presidential contenders), was introduced last year and has been approved by the Senate Health, Education, Labor and Pensions Committee. Its focus is on health information technology. The bill, in its current form (which is available online), would do the following (among other things):

  • Writes into law the Office of the National Coordinator for Health Information Technology. This office, established by executive order in 2004, is responsible for expanding the use of health information technology, with special attention to services for chronic disease and pain, as well as communities with health disparities.
  • Creates two advisory bodies – one a public-private partnership – to advise the Coordinator and the Secretary of Health and Human Services (HHS) on health IT standards and infrastructure.
  • Requires the HHS Secretary to contract with private organizations for the storage of federal health data. These organizations must then develop research and reports on performance based on this information.
  • Provides money through grants or loans to help other entities implement health IT.
  • Designates a single organization to promote the development and use of quality measures for health care received by patients.
  • Extends HIPAA-level privacy protections to health information databases (those who feel HIPAA has undermined privacy are not pleased with this provision).
  • Requests the Government Accountability Office to study when people should be notified that their records have been improperly disclosed.

The other legislation, HR 5442, the Technologies for Restoring Users’ Security and Trust (TRUST) in Health Information Act, was introduced last week by Representative Markey (D-MA), a member of the House Energy and Commerce Committee. The bill shares many of the same general provisions as the Wired Act, but its privacy provisions are much more detailed and extensive. They reflect the general privacy provisions outlined in the USACM Privacy Policy, providing individuals with the right to review, access, and notice concerning their personal health information. Other parties can access the information under some limited exceptions, which include law enforcement, public health, reporting abuse and neglect, disclosure to an authorized representative, health research and health oversight. Privacy advocates will likely be predisposed to this legislation for the additional privacy language. The Thomas server doesn’t have the bill text just yet, but you can review the bill information online.

A review of previous posts we’ve made on Health IT reflects the difficulty of successfully passing legislation on this subject. If Markey’s bill emerges from the four committees that are assigned to it, it must then be reconciled with the Senate legislation. The major challenge there will likely be with the differences in privacy provisions. This may well take all year. What is unclear – as with any speculation about the future – is what special events may prompt (in)action on this topic. The recent decision by Google to test a medical record storage system may be such a special event.
