Health Privacy: One Step Closer
So, the Massachusetts legislature wrapped up the FY07-FY08 session early Friday morning. The wonky-hot legislative item that AAC was watching was the Senate President’s Healthcare Cost Containment bill, S2863 – followed by the press primarily for its attempts at restricting gifts from pharma. Check out HCFA’s blog to get a blow-by-blow on the fight put up on the issue of limiting gifts from pharma and the historic same sex equity bills enacted.
The component of this legislation that stoked AAC’s fire is the establishment of a program for the statewide adoption of electronic health records by 2015. A statewide interoperable electronic health records (EHR) system has potential to enhance quality, increase patient engagement, reduce duplication of tests, and contain costs. Those benefits can only be reached if consumers and providers both trust the system.
Privacy and data security issues surrounding electronic health records generally largely fall into two categories: (1) concerns about breaches or unauthorized disclosures of information and (2) concerns about the systemic flow of information throughout the system, like sharing identifiable health information with entities that are part of the system.
So let’s look at these. Think that breaches don’t happen? Breach Blog verifies that there have been 12 reported breach or disclosure problems within the healthcare industry alone in the last 6 months. Check out Fierce Health IT too for their running list of security breaches.
How information is shared within the healthcare system, is, I think the scarier area. Think that HIPAA covers you? Check here and here to see what is completely allowable under HIPAA already. I wager that most people think that this data sharing isn’t permissible (or shouldn’t be). According to a study done for IOM, many Americans believe that their health information is not adequately protected under federal and state laws.
In order for EHR to be successful, additional privacy protections are warranted. Some would even say that additional privacy protections are good public policy. The Markle Foundation has done some heavy thinking on this issue. Check out their common framework for networked personal health information.
AAC worked hard for the inclusion of privacy protections that will help to win the trust of all patients, first and foremost those people living with HIV/AIDS and other sensitive health conditions. While we didn’t get everything we asked for, the provisions that were finally included in the legislation - like creating an opt-in system so that no one joins unless they choose to, providing people with notice of an unauthorized disclosure of their information, or giving people access to a list of who has looked at their records - are very positive initial steps toward balancing privacy with the need to access the right information to provide effective care. Check out the complete list of important privacy and data security provisions that became part of the final legislation here.
We will have more to do on this front next session. For now, we are watching the corner office to see if what the legislature enacted will gain the Governor’s signature.
In the meantime, our sincere thanks go to Senate President Therese Murray and Speaker of the House Salvatore DiMasi for their leadership on the privacy issue. We also extend our gratitude to Representative Byron Rushing and Senator Harriette Chandler for sponsoring amendments and to Senator Richard Moore and Representative Patricia Walrath for their insight and leadership. Without the commitment to privacy and demonstrated leadership of these legislators during negotiations in each and both chambers, these initial privacy protections would never have seen the light of day in the final legislation.
Clearly EHR-land is a burgeoning and complex field. It also has the unmistakable air of inevitability about it. If you doubt Massachusetts’ commitment, the $25M allocated to the EHR program in the FY09 state budget before this legislation was enacted may be persuasive to you. Stay tuned for further developments.
