280 likes | 391 Views
“Security and Privacy in Electronic Health Records”. Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Hospital Wireless Conference July 25, 2005. The Schedule Shift Today. Privacy meeting today with Homeland Security Secretary Chertoff
E N D
“Security and Privacy in Electronic Health Records” Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Hospital Wireless Conference July 25, 2005
The Schedule Shift Today • Privacy meeting today with Homeland Security Secretary Chertoff • Planned privacy meeting with HHS Secretary Leavitt • Privacy and security as strategic issues for top leadership
Our Puzzle for Today • Health IT Must Improve Considerably • Often a decade or more behind other sectors • Manila folders behind the nurses’ station • Other sectors – banks, travel, retail? • Inconceivable in today’s market • Perhaps a federal law – manila folders banned from health care providers? • The Gingrich version: “paper kills”
Our Puzzle • Health IT is HARD to Improve • Reimbursement reasons • Medicare, insurers usually do not pay more for good IT • Customers don’t discipline providers on health IT, the way they would banks or travel providers • Quality-of-care ROI is usually easier to show than financial ROI for health IT
Our Puzzle • Health IT is HARD to Improve • Privacy and security reasons • Recent Westin/AHRQ poll • More respondents worried about privacy & security than favored new use of electronic health records • Polls and focus groups • Risks are top-of-mind to consumers • Benefits are much less evident
Overview • HIPAA and my background • Electronic Medical Records, Connecting for Health & David Brailer • National health IDs vs. a linking approach • IT progress together with security and privacy
I. HIPAA and Health IT • HIPAA statute in 1996 • The political engine was transactions • Early 1990s and no agreement on standards • One HIPAA client paid in > 2000 formats • Statute said standards for electronic payments • My sense – improvement, but harder to get standard implementation than was hoped
HIPAA and Health IT • Privacy and security came with new health IT • Political realization that patient records would be electronic for payment purposes • HIPAA statute said build in privacy and security at the same time as ramp up the level of electronic payments • That makes sense – upgrade (for transactions) easiest time to upgrade for security and privacy
HIPAA Privacy • Congress gave itself until summer, 1999 to write a medical privacy statute • When it couldn’t, Administration required to issue a privacy rule • WH Coordinator for Oct. 99 proposed rule • 53,000 public comments • Final privacy rule Dec. 2000
HIPAA Privacy After 2000 • After Jan. 2001, political effort to cancel HIPAA privacy • President Bush overruled his advisors, and kept it • 2002 final privacy rule mostly the same as 2000 privacy rule • HIPAA security was delayed, but now in place
Looking Back on HIPAA • Much of it good practices that had not necessarily been built in previously • Some was bureaucratic overkill • One criticism since 2001 – much less outreach and guidance than planned • Another criticism – no enforcement yet, with risk that those who comply will lose faith in the system
II. EMRs, Markle & Brailer • Next, beyond electronic transactions to electronic medical records (EMRs) • A great resource – Markle Foundation’s Connecting for Health Project • www.markle.org: Roadmap & other docs • I’ve been involved in 3 working groups of it • Currently, my focus is on authentication for patients and system users
Markle & HHS • Spring, 2004 – Pres. Bush announces Dr. David Brailer as “Health IT Czar” • Brailer had been chair of a Markle committee • Great background on health care economics, health IT • New HHS Sec. Leavitt was on Markle committee, is making health IT one of his signature issues
Where We Are Today • Markle and numerous stakeholders • HHS – Leavitt & Brailer • Congress – Newt and Hillary become best friends • BUT, some health care stakeholders are unconvinced: • Doctors, reimbursement & data input challenges • Consumers and fears on privacy/security • Interconnection challenges and fear that early adopters won’t get paid for their efforts
III. Health ID v. Linking • A key issue in EMRs is whether to have a national health ID • Most doctors and techies initially assume that it is appropriate and necessary • My argument here is that it is a bad idea and that a “linking” or “record locator service” approach is feasible and better policy
National Health IDs • The attraction is the idea that records from home, work, and travel all can be matched by tagging them with a unique identifier for each patient • Most providers use a unique identifier, such as SSN, in their own system – why not use it across systems? • Most plans have envisioned national ID and a central EMR repository
The Politics of Health IDs • Unique patient IDs were actually required in the 1996 HIPAA statute • Supported by many vendors and system owners • By 1998, Clinton Administration said no health IDs unless strong privacy & security in place • Bush Administration has confirmed that there will be no such IDs for patients • Moral – huge political opposition to the idea • Waiting for health IDs means to wait a long time
The Markle Linking Alternative • Create a Record Locator Service (RLS), not an EMR central database • The RLS authenticates based on demographic, not clinical, data • Federated – decision at the edges whether a record is listed on the RLS • E.g., substance abuse & HIV may not be listed
Advantages of RLS Approach • Avoids single point of failure of central EMR database – the data breach problem • Control at edges • Patients can opt out • Providers can decide what (not) to link • Graceful transition from current system • No required new data field for health IDs • No “rip and replace” • In sum, privacy & security built in
The State of Play on RLS • Current Markle work on • Model contract for participants (RHIOs) and their participants (such as small practice groups) • Policies and procedures – the big picture for communities who are interested • FAQs for deeper technical dives on hard issues • E.g., scoring & procedures for authentication • Test interchange: Indiana and Boston
IV. Privacy, Security & EMRs • Must be credible on privacy & security or the benefits of EMRs will be undermined • The architecture must be secure • Centralized databases, even for sophisticated financial data, have been publicly breached • Health care is unlikely to be (or to be seen as) doing better than banks, who have centuries of practice in guarding the money • Many consider medical data more sensitive than financial data
Some Privacy Basics • Goal should be to improve patient privacy & security in shift to EMRs • Safeguards must be explainable to public • Patient access to linking system (what’s in the system?) and means to correct (those aren’t my records) • Access in HIPAA and FCRA • Patient opt-out from the system, working with providers
Mission Creep & EMRs • Many stakeholders will push for access to linked identities and records: • Health quality measurements • Cost controls • Bioterrorism & law enforcement • Medical research • Marketing research • Not all those who want the data should get it • Model contract for linking will address these issues
Enforcement • Looking ahead, I believe that enforcement against bad actors should occur, while good faith efforts by data holders should not receive enforcement • To date, 0 civil enforcement actions for 13,000 complaints to the Office of Civil Rights • Recently, DOJ opinion that criminal laws do not apply to most employees of covered entities • The right level of enforcement is not zero • The system should be credible, without chilling much-needed sharing of EMRs for legitimate uses
Conclusion • EMRs as the health IT challenge for the next decade, following the ten-year cycle since HIPAA was enacted • Privacy & security concerns for consumers often outweigh the perceived benefits • Strategic challenge for health IT professionals and the entire sector on how to use health IT consistent with the public’s concerns
In Closing • As you build your health IT systems, imagine your own records and those of your family being in the infrastructure • Can you say with confidence to your family that their records are secure and confidential? • For substance abuse, psychiatric records, HIV, and other extra-sensitive data? • That’s the standard we should apply to our systems – that each patient’s data is held the way we want out own data to be treated
In Closing • That’s the high-tech version of the Golden Rule • Do unto other’s data as you would have them do unto you • Thank you.
Contact Information • Peter P. Swire • Consultant, Morrison & Foerster, LLP • Phone: (240) 994-4142 • Email: peter@peterswire.net • Web: www.peterswire.net