U.S. electronic health-record standards agreed
Kim Dixon of Reuters reports:
U.S. consumer groups, insurers and privacy advocates together with Google Inc and Microsoft Corp said on Wednesday they have agreed to standards intended to speed adoption of personal electronic health records.
That’s nice, but as you read further into the report, you read that:
“A policy and privacy logjam … has constricted some of the consumer uptake of these services,” said James Dempsey, deputy director at the Center for Democracy and Technology, a privacy rights group.
Principles for personal health records include an audit trail to track use of the data, a dispute resolution process for consumers who believe their personal information has been misused and a ban on using data to discriminate in employment.
Also signing on to the principles are WebMD, Consumers Union, which publishes Consumer Reports, AARP, the seniors’ lobbying group, and America’s Health Insurance Plans, which represents major insurers such as Aetna Inc.
So where are the “privacy advocates” in the above list? If they think that CDT represents most privacy advocates, may I politely point out that they don’t? CDT takes money from businesses, and their recommendations tend to be a lot more business-friendly than privacy organizations such as EPIC or the World Privacy Forum.
Privacy advocates do not speak with one voice. It may be fine for CDT, but where are the strict prohibitions on certain uses of data without express opt-in consent and the ability of the consumer to revoke consent at any time? An audit trail can point to abuses, but it doesn’t prevent them. Where are the real nuts and bolts of security and privacy here? Where are breach definitions and statements about notification and disclosure? And where are individual causes of action?
I look forward to seeing the details of these standards. Yesterday, CDT wrote:
CDT Policy Post: Privacy and Security Principles for Health Information Technology
CDT issued a policy post today on the topic of Privacy and Security Principles for Health Information Technology. In the document, CDT emphasizes the importance of building privacy and security into e-health systems from the outset and identifies the basic requirements of a comprehensive privacy and security framework for health information technology. The document makes several suggestions for Congress to consider when crafting legislation; it also calls on federal lawmakers to build a comprehensive framework for e-health through the enactment of incremental, workable policy solutions. June 24, 2008
CDT Policy Post 14.9 June 24, 2008