[Med-privacy] GAO report

peter marshall pwm@comcast.net
Thu, 28 Jun 2007 15:32:51 -0700


Comprehensive Privacy Approach Needed for Health IT

On June 19, the Government Accountability Office (GAO) released a report
recommending that the Department of Health and Human Services (HHS)
implement a comprehensive privacy initiative to ensure the protection of
electronically stored personal health data.  The report was based on
Executive Order 13335, in which President Bush called upon HHS to
develop and implement a national interoperable health information
network.  The GAO report recognized that HHS officials have already
undertaken some initiatives to address privacy principles; however, it
determined that the agency's work is still in the preliminary stages,
and not yet integrated.

The report recommended that HHS adopt milestones to ensure that "key
privacy principles" and possible data exchange challenges are fully and
adequately addressed.  The report also identified four key challenges to
overcome: 1) assurance of proper minimum disclosures; 2) implementation
of sufficient security measures; 3) resolution of varying state privacy
laws and policies; and 4) the right of individuals to access and amend
their health data.  EPIC supports the GAO's findings.  In particular,
EPIC has continually advocated for adoption of stringent privacy
safeguards for electronic health records, as well as the right of
individuals to obtain and amend their personal medical records.

GAO Report, "Health Information Technology: Efforts Continue but
Comprehensive Privacy Approach Needed for National Strategy" (pdf):

      http://www.gao.gov/new.items/d07988t.pdf

[EPIC]