While health care legislation is stalled, movement continues on increasing the use of both health information technology and electronic health records. The National Coordinator for Health IT is coordinating this effort. Created as part of the American Recovery and Reinvestment Act, two Health IT committees, one on Policy and one on Standards, have been meeting since April, and both met in late August. On each committee’s website, there are archives of meeting materials from each committee meeting to date. They are very thorough and worth reviewing.
In two recent updates, Dr. David Blumenthal, National Coordinator for Health IT, outlined how he sees these changes unfolding. The first major initiative was the announcement of grants in support of Health IT Regional Extension Centers, and a separate grants program for states and qualified entities to develop streamlined and simplified policies, procedures and systems for electronic information exchange. While there will be technical challenges in rolling out more health information technology and electronic health records, the emphasis of the National Coordinator suggests that implementation will be a bigger hurdle for implementing health information technology. My observations of the most recent Health IT committee meetings supports this idea.
That’s not to say there aren’t issues to address for privacy and security, among other things. The committees appear to be working primarily from existing Health Care Information Technology Standards, and are guided by the Health Insurance Portability and Accountability Act (HIPAA) in the protection and security of health information. Unfortunately, that law was passed in 1996, and does not address many of the changes in information technology over the last 13 years (wireless being the first among many). The Health IT committees are aware of this big gap, but have not yet made definitive choices about how to address it. The Department of Health and Human Services just released interim rules on how health care providers, health plans and other HIPAA entities would handle data breach notification. The Federal Trade Commission has done the same for vendors of personal health records, and those rules should narrow the gap in HIPAA that technology has widened. But the gap remains.