New England Psychologist - nepsy.com
An Independent Voice for the State's Psychologist

Health IT must include right of consent, say privacy activists
(May 2008 Issue)

By Nan Shnitzler

Health information technology promises a holy grail: better patient care, fewer medical errors, lower costs, streamlined insurance processing and robust research. But it threatens dire consequences if data security and patient privacy are jeopardized.

An array of bills that promote a national health records network has been introduced in Congress, but not enough of them include provisions that satisfy privacy activists, who say patients must be allowed to control when and to whom health information is disclosed, a principle known as the right of consent.

The best of the bunch is the Technologies for Restoring Users' Security and Trust in Health Information Act (HR5442), introduced Feb. 14 by Rep. Edward Markey (D-MA). But the one with the most traction is the Wired for Health Care Quality Act (S1693), sponsored by Sen. Edward Kennedy (D-MA), which last year sailed through a Senate committee on a voice vote.

The problem is that the Wired Act contains no recognition or protection of a patient's right to privacy, whereas the Trust Act does.

"The traditional right to health information privacy that is essential for quality health care and mental health care will be eliminated under the Wired Act and preserved under the Trust Act," says James Pyles, J.D., counsel for the American Psychoanalytic Association. "The Trust Act is the best bill we've seen so far that combines privacy and health IT."

Privacy activists have watched with dismay as Kennedy's support for health privacy has eroded since he decried the weakening of the HIPAA privacy rule. The original rule said "a covered health care provider must obtain an individual's consent prior to using or disclosing protected health information to carry out treatment, payment or health care operations." But in 2003, "consent" was replaced by "regulatory permission" to ease the compliance burden on HIPAA-covered entities.

That's why when the Wired Act or any legislation, policy or entity says it relies on the HIPAA privacy rule, privacy activists bristle.

"If you say, 'HIPAA privacy rule', everyone thinks, Oh, I've got privacy. But when the rule was gutted, that meant doctors, psychologists, insurers, employers, they decide when they need your information. And it doesn't matter if you object," says Deborah Peel, M.D., founder of the bipartisan Coalition for Patient Privacy (www.patientprivacyrights.org). "Kennedy and his staff are willing to sell our privacy down the river just to pass a bill."

Among the dozens of groups that oppose the Wired Act are the AMA, the Health Privacy Project, the Center for Democracy & Technology, and umbrella groups such as the Coalition for Patient Privacy and the 27 members of Mental Health Liaison Group, which includes the American Psychological Association, the American Psychiatric Association and the American Psychotherapy Association. They are calling for a right of consent to disclose identifiable information in routine situations, strong enforcement measures, notice of breaches, and effective remedies.

Kennedy's office did not respond to requests for comment.

Mark Bayer, an aide to Markey, says that if the House Energy and Commerce Committee takes up health IT this spring, the bill that emerges could combine provisions of those already filed or be another bill altogether. The progress, he says, has been in educating lawmakers and surfacing privacy issues among them.

"At one time, the perception was that privacy was a 'nice to have' in health IT. But now there's more of a sense of a 'need to have,'" Bayer says.

Another privacy champion is Sen. Patrick Leahy (D-VT), who sponsored the Health Information Privacy and Security Act (S1814), which ensures health information privacy and sanctions for abuse but does not provide for a national health IT network.

An aide says that Leahy has tried to strengthen privacy in the Wired Act, but "unfortunately had not met with success." Kennedy is in the driver's seat as chairman of the Senate health committee.

"Leahy has been championing privacy for a long time. He'll have concerns until it's addressed," the aide says. Still the future is unclear because there has not yet been Congressional debate.

Peel all but abandoned her Texas psychiatry practice to fight for privacy rights after seeing patients victimized because of the lawful release of health records. Now, with national health IT on the table, it's another chance to take control.

Any time electronic records are created, patients are put at a tremendous disadvantage, Peel says. For one thing, computer systems are easily hacked. For another, millions of HIPAA-covered entities can access, use and share the data. Finally, if it's digitized, it can be data mined, even if you pay cash for your prescriptions.

"This is a fact: Every pharmacy in the U.S. is data mined daily and the prescription records are sold. We have no prescription privacy," Peel says. "The whole system is a giant data mining operation. Electronic health information is being used in ways that violate medical ethics and the ethics of psychologists."

Industry would say the data has been scrubbed of personal identifiers. But Peel and others say it's almost impossible to anonymize health records because, even without a name or date of birth, the longitudinal data is so rich it can be traced back to the individual.

But what about the promise of health IT?

"Let me be clear, we are pro-health IT. Privacy and health IT are not opposed," Peel says. "We're saying, use smart technologies backed up by smart legislation to build a safe, trusted system and you get all the benefits without creating a superhighway for data mining. It can't be rushed."