Qual-IT - July-August 2006 | Archived

Privacy and Security Issues Move to the Forefront

Preserving the confidentiality of sensitive personal health information is of paramount concern to both the public and the health care system. Federal and state laws, as well as countless policies and procedures within health care organizations, currently address a number of crucial, related questions:

  • Who has access to personal health information, and under what circumstances?
  • How can consumers review the information on them to ensure that it is complete and correct?
  • What remedies and sanctions exist for violation of privacy protections?

Federal laws—particularly the privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA)—cover important aspects of health information privacy and security relating to electronic claims transactions. HIPAA also allows states to enact additional protections, so health care organizations face different requirements depending on their location.

As electronic health information systems proliferate, data-sharing across different health care settings is increasingly being promoted, to better inform clinicians and consumers, advance quality measurement and improvement, improve public health, and facilitate clinical research. Identifying key issues, developing and forging consensus on solutions, and educating health professionals, the public, and the health care industry on policies and procedures needed to safeguard the appropriate uses of electronic health information are thus becoming ever more critical. This issue of Qual-IT describes recent policy developments on health information privacy and security at the national and state levels.

Federal Developments

The National Committee on Vital and Health Statistics, a public advisory board to the secretary of the Department of Health and Human Services (HHS), provides technical expertise and policy advice on issues related to health information and health information technology (HIT).  The Committee has actively promoted the development of standards to facilitate the adoption and use of HIT through mechanisms such as the planned Nationwide Health Information Network.  Over an 18-month period, the Committee held hearings and analyzed information on privacy and security issues relating to the Network, issuing a report on its findings in June (National Committee 2006).

"Informational privacy is a core value of American society," the Committee stated, noting that people expect their personal health information to be handled securely.  Today's fragmented, paper-based health care system makes it difficult to access this information, which may protect privacy but also hinders the application of that information to improve health care.  Health information technology and health information exchange can surmount these gaps, the report notes, but public support for a national network depends on trust that personal health information is protected––even though, as its availability and utility increase, "so does the risk to privacy and confidentiality."

While recognizing that the specific architecture for the Network has yet to be determined, the Committee addressed some of the key policy issues that will affect relationships between individuals and these new information systems.  It could not agree on many of the essential details, however.  Although, for example, the Committee supports individuals' right to decide whether their information will be accessible through the Network, members could not reach consensus on whether that decision would be exercised by opting in––each person providing an explicit affirmation that his or her information can be part of the system––or opting out, requiring an explicit request to withhold information.  The Committee also couldn't agree on whether individuals should be able to control access to specific types of information made available through the Network.  Whatever choices people make, public information and education are essential to ensure that decisions are truly informed.

The Committee's report further addresses controls on the disclosure of personal health information, suggesting that access be "role-based," or limited to those with specific authorization, consistent with regulations and policies that have already proved feasible in large organizations with advanced HIT systems.  In other areas, the report recommends:

  • Expanding existing rules covering organizations involved in claims processing to protect health information exchange among other types of organizations in the Nationwide Health Information Network;
  • Bolstering public support by requiring all organizations participating in the Network to comply strictly with rules governing privacy, confidentiality, and security, and ensuring strong enforcement efforts in that regard;
  • Making the process for designing and implementing the Network, and its privacy and confidentiality policies, open and transparent, and including meaningful consumer representation at the national, regional, and local levels.

While the Committee report reinforces the importance of privacy protections in electronic health information exchange, much more work is needed to gain consensus on specific policies and operational requirements for the Network. These issues were also prominent in the recent Health and Human Services-sponsored Nationwide Health Information Network Forum. As described in a recent newsletter (Ferris 2006), the Forum included extensive discussion of the proposed national network's overall scope and complexity, which heighten the challenges of implementing effective policies to ensure privacy and security. The Forum devoted several sessions to consumer and privacy issues, focusing specifically on disclosure and authentication policies. The Committee will review and distill comments from this meeting to further inform the Network design process.

...and Congressional Considerations

Privacy and confidentiality concerns have also arisen in the recent debate in the House of Representatives, which has passed legislation designed to promote broader HIT adoption.  As reported in a recent National Journal article (Belopotosky 2006), passage of HR 4157, the Health Information Technology Adoption Act of 2005, sponsored by Rep. Nancy Johnson (R-Conn.), was briefly delayed by disagreements over the inclusion, and extent, of additional provisions on health information privacy. Rep. Johnson had proposed that HHS review state and federal laws and, if necessary, take steps to override state laws that may hinder HIT adoption and use. In opposition, a coalition of consumer and labor groups argued for comprehensive provisions to safeguard privacy, and the preservation of states' ability to adopt more stringent requirements toward that end. Meanwhile, the House leadership had argued against adopting any privacy-related amendments, a position that failed when the bill finally passed on July 27. The Senate had previously passed its own version of an HIT bill, and the two houses now need to determine whether and how to reconcile the two measures.

Consumer-Based Principles Guide State Strategy

Consumer organizations, too, have weighed in on electronic health information exchange. In March, a number of groups jointly published a set of principles designed to help shape HIT policies and practices (National Partnership 2006):

  • Individuals should be able to access their personal health information conveniently and affordably;
  • Individuals should know how their personal health information may be used and who has access to it;
  • Individuals should have control over whether and how their personal health information is shared;
  • Electronic health information systems must protect the integrity, security, privacy, and confidentiality of personal health information;
  • The governance and administration of electronic health information networks should be transparent and publicly accountable.

One such group, Health Care for All, recently sponsored the first "consumer e-health summit" in Massachusetts, focusing in part on how to apply these consumer principles in the context of the community-based Massachusetts eHealth Collaborative. Health Care for All, which is one of 33 members of the Collaborative board, concluded that the Collaborative has incorporated many aspects of the consumer principles into its project design, but two broad concerns––paralleling some of the comments made at the Nationwide Health Information Network Forum––remain: how network architecture will affect consumers, and what additional steps are needed to ensure meaningful consumer input to the process.

New York Participates in National Study

New York has been selected as one of up to 40 states that will participate in a study assessing how state laws and business practices may affect interoperable health information exchange, and seeking practical solutions to resulting problems.  The study, with project direction in New York by the state's Department of Health, is being conducted by RTI International under a contract with the Department of Health and Human Services.  As noted earlier, there is much variation among state laws and little regulation, to date, of the new issues raised by the increased availability of HIT, and the corresponding increase in capacity for health information exchange.

The Department of Health has already convened steering and legal committees to provide direction and input throughout the study.  Initially, a series of ad hoc work groups––drawn from health care interests across the state––will analyze a variety of scenarios prescribed by RTI.  The work groups will elicit a wide range of stakeholder views regarding potential and actual barriers to health information exchange, based on current state laws and on health care operational practices common in New York.  Health care leaders from across the state will review the issues identified through this process, and attempt to develop consensus on solutions and implementation strategies to accelerate HIT adoption and use while safeguarding individuals' right to privacy.

Resources

Belopotosky D.  2006.  Partisan rift over patient privacy.  National Journal July 1:52-53.

Ferris N.  2006.  NHIN forum reveals many unanswered questions.  Government Health IT June 30.  Available online at http://www.govhealthit.com/article95108-06-30-06-Web

Health Care for All.  Information on the eHealth Summit and other policy-related materials is available online at http://www.hcfama.org/index.cfm?fuseaction=Page.viewPage&pageId=555

National Committee on Vital and Health Statistics.  2006.  Privacy and confidentiality in the National Health Information Network.  Letter to the Secretary, Department of Health and Human Services, June 22.  Available online at http://www.ncvhs.hhs.gov/060622lt.htm

National Partnership for Women and Families.  2006.  Health Information Technology––Consumer Principles.  Available online at http://www.nationalpartnership.org/portals/p3/library/HealthCareQualityPatientsRights/HIT.pdf

RTI International.  2006.  Health information security and privacy collaboration request for proposals.  Available online at http://www.rti.org/hispc

Coming Next Month

HHS Takes Further Action to Spur HIT Adoption