Health IT Privacy

Today I participated in a workshop held by the Center for Democracy and Technology (CDT), a nonprofit, public interest advocacy organization devoted to technology policy issues.  CDT runs a well-respected Health Privacy Project that is attempting to develop workable privacy and security policy solutions that will help facilitate the adoption and implementation of electronic medical and personal records and electronic health information exchange. 

Intel is a founding company of Dossia, a non-profit organization initiated by a consortium of large U.S. employers for the purpose of creating a national system to deliver personal health records (PHRs) for their employees.  By way of background, at the employee’s request, Dossia gathers health data from both institutional sources (insurance claims, laboratory, pharmacy, hospital, and physician) and personal sources (health devices, self-entered information, personal biometrics) and facilitates the transfer of electronic copies into the employee’s PHR. Once gathered and securely stored in the Dossia database, the electronic summary of health information is portable. Dossia’s intent is to make the PHRs continually available to individuals for life, even if they change employers, insurers, or healthcare providers. 

CDT’s workshop today addressed privacy and security protections for PHRs, focusing in particular on those that are not already covered by the federal HIPAA privacy and security rules.  The workshop discussed the extent to which PHRs are covered by existing federal privacy and consumer protection laws, what products and services might be covered by the stimulus act’s definition of PHRs, and what the regulatory and enforcement landscape for PHRs might (and should) look like.  The workshop brought together many of the relevant stakeholders to explore the possibility of developing consensus on policies related to PHRs, and produced some very important and valuable discussions.

There is a great deal of policy activity taking place concerning privacy and security requirements of PHRs.  I’ll have more posts in the coming weeks on this issue.

One Response to Health IT Privacy

  1. DB says:

    In addition to the type of protections you discussed, I hope you will also consider new federal rules to protect civil liberties. Is information stored in PHRs subject to Fourth Amendment protections?
    Let’s say there is a serious H1N1 outbreak in my city, and I go to the doctor with a fever and cough. What’s to stop the CDC from mining your database and showing up at my door to ship me off to quarantine?