HEALTH I.T. and PRIVACY

1. Breaking the gridlock Breaking the gridl ck HEALTH I.T. and PRIVACY

2. HEALTH I.T. Partners . . . DividedWe Fail want to break the gridlock! • Privacy crucial for patients to have confidence in HIT • HIT must have privacy rules consumers can trust • But inefficient, low-quality, out-of-reach-costly care is as harmful as privacy threats • Paper records have always had privacy concerns • Privacy should no longer derail HIT ----- we should not have to choose between privacy and HIT

3. HEALTH I.T. History of Privacy Gridlock in Congress • 1979 Early effort to pass health privacy legislation • 1996 Congress still couldn’t agree, so HIPAA was punted to 1999 • 1999 deadline still could not be met, so HHS got job • 2006 Congress failed to conference HIT bills

4. HEALTH I.T. Privacy/Security Is a Concern for Public • 2007 IOM/Harris Interactive Survey: 58% believe health privacy not sufficiently protected by federal/state laws or provider practices • 2005 California HealthCare Foundation: 67% concerned about medical records privacy • 1 in 8 avoid care, ask MD to fudge diagnosis, not submit claim, or avoid tests due to privacy concerns • Press reports on string of major breaches further erode public trust

5. HEALTH I.T. Key Building Block to Better Care HITholdsenormouspotentialto: • Improve quality & efficiency, save lives, money • Provide instant, comprehensive medical records • Engage consumers in managing their own health • Allow caregivers and providers to coordinate care • Help identify most effective care

6. HEALTH I.T. Can Enhance Aspects of Privacy • Easier (than paper) to track who has seen/changed records for audit trails • Patients gain ability to review/comment on records they now rarely see • Technically feasible to limit who has access, even to subsets of records: • Mental health, HIV, reproductive health, other sensitive data

7. HEALTH I.T. Can Resolve Other Privacy Issues (If Done Well) • Must address potential for breaches, data-mining, misuse of sensitive personal data, which could undermine consumer confidence vital to HIT success • If protections are seen as inadequate, to avoid embarrassment or discrimination patients may withhold information and forego treatment • Critical to doprivacy and securitywell: • to gain consumer confidence • preserve medical ethics

8. HEALTH I.T. Need to Balance Privacy Concerns and “Common Good” • Consumers do want benefits, convenience of electronic records • Aggregated, de-identified data have enormous power to identify public health threats and most effective care (“best practices”) • 1/14/07 JAMA study saw harmful impact on research from overly stringent privacy rules

9. HEALTH I.T. Legislation Status: Delay due to Privacy Issues • Wired for Health Care Quality Act unanimously passed HELPCommittee –sets up process whereby stakeholders work together on privacy rules • Further action blocked by advocates for explicit privacy rules set out in legislation • Others Senators, stakeholders oppose explicit rules in legislation • House bill up soon –privacy will be key focus • Even if House passes privacy protections, Senate has not resolved privacy issues

10. HEALTH I.T. Three main debate positions • Some insist Congress must enact strong protections • Others say opening HIPAA/codifying new protections disrupts market forces that ensure vendors protect privacy (to retain consumer confidence) • Others want new rules, but –to break gridlock– favor a regulatoryapproach • “Consumer Partnership for e-Health” believes: Privacy and Quality are equalpriorities

11. HEALTH I.T. Partners DividedWe Fail support . . . • HR 3800 S 1693 • The “Wired for Health Care Quality Act” • Legislation which sets up a regulatory process to develop specific privacy standards

12. Breaking the gridlock Breaking the gridl ck HEALTH I.T. Is there a path to consensus?