Policy@Intel
A place to exchange ideas and perspectives, promoting a thriving innovation economy through public policy
643 Discussions

Health IT Privacy

Not applicable
0 0 113

Today I participated in a workshop held by the Center for Democracy and Technology (CDT), a nonprofit, public interest advocacy organization devoted to technology policy issues.  CDT runs a well-respected Health Privacy Project that is attempting to develop workable privacy and security policy solutions that will help facilitate the adoption and implementation of electronic medical and personal records and electronic health information exchange. 

Intel is a founding company of Dossia, a non-profit organization initiated by a consortium of large U.S. employers for the purpose of creating a national system to deliver personal health records (PHRs) for their employees.  As way of background, at the employee’s request, Dossia gathers health data from both institutional sources (insurance claims, laboratory, pharmacy, hospital, and physician) and personal sources (health devices, self entered information, personal biometrics) and facilitates the transfer of electronic copies into the employee’s PHR. Once gathered and securely stored in the Dossia database, the electronic summary of health information is portable. Dossia’s intent is to make the PHRs continually available to individuals for life, even if they change employers, insurers, or healthcare providers. 

 CDT’s workshop today addressed privacy and security protections for PHRs, focusing in particular on those that are not already covered by the federal HIPAA privacy and security rules.  The workshop discussed the extent to which PHRs are covered by existing federal privacy and consumer protection laws, what products and services might be covered by the stimulus act’s definition of PHRs, and what the regulatory and enforcement landscape for PHRs might (and should) look like.  The workshop brought together many of the relevant stakeholders to explore the possibility of developing consensus on policies related to PHRs, and produced some very important and valuable discussions.

 There is a great deal of policy activity taking place concerning privacy and security requirements of PHRs.  I’ll have more posts in the coming weeks on this issue.