[Med-privacy] "Warnings Over Privacy of U.S. Health Network"

[Peter Marshall]

February 18, 2007
Warnings Over Privacy of U.S. Health Network
By ROBERT PEAR

WASHINGTON, Feb. 17 =97 The Bush administration has no clear strategy to=20=

protect the privacy of patients as it promotes the use of electronic=20
medical records throughout the nation=92s health care system, federal=20
investigators say in a new report.

In the report, the Government Accountability Office, an investigative=20
arm of Congress, said the administration had a jumble of studies and=20
vague policy statements but no overall strategy to ensure that privacy=20=

protections would be built into computer networks linking insurers,=20
doctors, hospitals and other health care providers.

President Bush has repeatedly called for the creation of such networks,=20=

through which health care providers could share information on=20
patients. In 2004, Mr. Bush declared that every American should have a=20=

=93personal electronic medical record=94 within 10 years =97 by 2014. =
With=20
computerized records, he said, =93we can avoid dangerous medical=20
mistakes, reduce costs and improve care.=94

In response to the president=92s plea, federal officials have developed=20=

elaborate plans for what they describe as =93a nationwide health=20
information network.=94 Mr. Bush has said: =93One of the things I=92ve=20=

insisted upon is that it=92s got to be secure and private. There=92s=20
nothing more private than your own health records.=94

But in the report, issued this month, the G.A.O. said the=20
administration had taken only rudimentary steps to safeguard sensitive=20=

personal data that would be exchanged over the network.

Senator Daniel K. Akaka, Democrat of Hawaii, who requested the=20
investigation, said it showed that =93the Bush administration is not=20
doing enough to protect the privacy of confidential health=20
information.=94 As a result, Mr. Akaka said, =93more and more companies,=20=

health care providers and carriers are moving forward with health=20
information technology without the necessary protections.=94

In written comments on the report, Jim Nicholson, the secretary of=20
veterans affairs, who supervises one of the nation=92s largest health=20
care systems, said, =93I concur with the G.A.O. findings.=94

But Dr. Robert M. Kolodner, who coordinates work on information=20
technology at the Department of Health and Human Services, disputed the=20=

findings. Dr. Kolodner said his department was =93very committed to=20
privacy and security as it works toward the president=92s goal=94 of=20
switching medical records from paper to electronic files.

Mark A. Rothstein, the chairman of a panel that advises the government=20=

on health information policy, essentially agreed with the=20
accountability office. =93Health privacy has not received adequate=20
attention at the Department of Health and Human Services,=94 said Mr.=20
Rothstein, a professor of law and medical ethics at the University of=20
Louisville School of Medicine. =93A sense of urgency is lacking.=94

Mr. Rothstein said =93time is of the essence=94 because =93the private =
sector=20
is racing ahead=94 to establish medical record banks and health=20
information exchanges. In December, he noted, Wal-Mart, Intel and other=20=

companies announced they were creating a huge database that could store=20=

the personal health records of more than 2.5 million employees and=20
retirees. The companies promised they would have =93stringent privacy=20
policies and procedures.=94

Mr. Rothstein said Congress should not provide more money for a=20
nationwide health information network unless the administration did=20
more to protect the privacy of electronic medical records.

Dr. William A. Yasnoff, a physician and computer scientist who worked=20
at the Department of Health and Human Services from 2002 to 2005, said=20=

he too had found that =93the department does not have a comprehensive=20
approach to privacy.=94

Explaining why he saw a need for stronger privacy protections in the=20
digital age, Dr. Yasnoff said: =93Anything you do to make information=20
more accessible for good, laudable purposes will simultaneously make it=20=

more accessible for evil, nefarious purposes. People intuitively=20
understand that, and they are worried.=94

The accountability office said doubts about privacy could slow the=20
adoption and use of electronic medical records. Professor Rothstein=20
offered a similar prediction, saying: =93If privacy protections are not=20=

built into the network, people will not trust it. They won=92t=20
participate, or they will opt out if they are allowed to.=94

Legislation to encourage the use of health information technology has=20
broad bipartisan support but died in Congress last year, partly because=20=

of disagreements over privacy protections.

Under Mr. Bush=92s proposal, lawmakers said, it is not clear how much=20
control people would have over their electronic medical records.

Several members of Congress have drafted legislation to clarify=20
consumers=92 control over such data. One proposal, by Senator Sam=20
Brownback of Kansas and Representative Paul D. Ryan of Wisconsin, both=20=

Republicans, would establish health data banks in which people could=20
store electronic copies of their medical records. Under the bill, a=20
consumer would =93maintain ownership over the entire health record=94 =
and=20
could control access to it.

By contrast, under existing federal rules, hospitals and other health=20
care providers generally do not have to obtain a patient=92s consent to=20=

use or disclose information for =93treatment, payment or health care=20
operations.=94

Copyright 2007 The New York Times Company=