[Infowarrior] - Warnings Over Privacy of U.S. Health Network

[Richard Forno]

February 18, 2007
Warnings Over Privacy of U.S. Health Network
By ROBERT PEAR
http://www.nytimes.com/2007/02/18/washington/18health.html?_r=1&oref=slogin&
pagewanted=print

WASHINGTON, Feb. 17 ‹ The Bush administration has no clear strategy to
protect the privacy of patients as it promotes the use of electronic medical
records throughout the nation¹s health care system, federal investigators
say in a new report.

In the report, the Government Accountability Office, an investigative arm of
Congress, said the administration had a jumble of studies and vague policy
statements but no overall strategy to ensure that privacy protections would
be built into computer networks linking insurers, doctors, hospitals and
other health care providers.

President Bush has repeatedly called for the creation of such networks,
through which health care providers could share information on patients. In
2004, Mr. Bush declared that every American should have a ³personal
electronic medical record² within 10 years ‹ by 2014. With computerized
records, he said, ³we can avoid dangerous medical mistakes, reduce costs and
improve care.²

In response to the president¹s plea, federal officials have developed
elaborate plans for what they describe as ³a nationwide health information
network.² Mr. Bush has said: ³One of the things I¹ve insisted upon is that
it¹s got to be secure and private. There¹s nothing more private than your
own health records.²

But in the report, issued this month, the G.A.O. said the administration had
taken only rudimentary steps to safeguard sensitive personal data that would
be exchanged over the network.

Senator Daniel K. Akaka, Democrat of Hawaii, who requested the
investigation, said it showed that ³the Bush administration is not doing
enough to protect the privacy of confidential health information.² As a
result, Mr. Akaka said, ³more and more companies, health care providers and
carriers are moving forward with health information technology without the
necessary protections.²

In written comments on the report, Jim Nicholson, the secretary of veterans
affairs, who supervises one of the nation¹s largest health care systems,
said, ³I concur with the G.A.O. findings.²

But Dr. Robert M. Kolodner, who coordinates work on information technology
at the Department of Health and Human Services, disputed the findings. Dr.
Kolodner said his department was ³very committed to privacy and security as
it works toward the president¹s goal² of switching medical records from
paper to electronic files.

Mark A. Rothstein, the chairman of a panel that advises the government on
health information policy, essentially agreed with the accountability
office. ³Health privacy has not received adequate attention at the
Department of Health and Human Services,² said Mr. Rothstein, a professor of
law and medical ethics at the University of Louisville School of Medicine.
³A sense of urgency is lacking.²

Mr. Rothstein said ³time is of the essence² because ³the private sector is
racing ahead² to establish medical record banks and health information
exchanges. In December, he noted, Wal-Mart, Intel and other companies
announced they were creating a huge database that could store the personal
health records of more than 2.5 million employees and retirees. The
companies promised they would have ³stringent privacy policies and
procedures.²

Mr. Rothstein said Congress should not provide more money for a nationwide
health information network unless the administration did more to protect the
privacy of electronic medical records.

Dr. William A. Yasnoff, a physician and computer scientist who worked at the
Department of Health and Human Services from 2002 to 2005, said he too had
found that ³the department does not have a comprehensive approach to
privacy.²

Explaining why he saw a need for stronger privacy protections in the digital
age, Dr. Yasnoff said: ³Anything you do to make information more accessible
for good, laudable purposes will simultaneously make it more accessible for
evil, nefarious purposes. People intuitively understand that, and they are
worried.²

The accountability office said doubts about privacy could slow the adoption
and use of electronic medical records. Professor Rothstein offered a similar
prediction, saying: ³If privacy protections are not built into the network,
people will not trust it. They won¹t participate, or they will opt out if
they are allowed to.²

Legislation to encourage the use of health information technology has broad
bipartisan support but died in Congress last year, partly because of
disagreements over privacy protections.

Under Mr. Bush¹s proposal, lawmakers said, it is not clear how much control
people would have over their electronic medical records.

Several members of Congress have drafted legislation to clarify consumers¹
control over such data. One proposal, by Senator Sam Brownback of Kansas and
Representative Paul D. Ryan of Wisconsin, both Republicans, would establish
health data banks in which people could store electronic copies of their
medical records. Under the bill, a consumer would ³maintain ownership over
the entire health record² and could control access to it.

By contrast, under existing federal rules, hospitals and other health care
providers generally do not have to obtain a patient¹s consent to use or
disclose information for ³treatment, payment or health care operations.²