[Med-privacy] EMRs

peter marshall pwm@comcast.net
Thu, 26 Jun 2008 16:29:46 -0700


U.S. electronic health-record standards agreed

Kim Dixon of Reuters reports:

     U.S. consumer groups, insurers and privacy advocates together with
Google Inc and Microsoft Corp said on Wednesday they have agreed to
standards intended to speed adoption of personal electronic health
records.

That’s nice, but as you read further into the report, you read that:

     “A policy and privacy logjam … has constricted some of the consumer
uptake of these services,” said James Dempsey, deputy director at the
Center for Democracy and Technology, a privacy rights group.

     Principles for personal health records include an audit trail to
track use of the data, a dispute resolution process for consumers who
believe their personal information has been misused and a ban on using
data to discriminate in employment.

     Also signing on to the principles are WebMD, Consumers Union, which
publishes Consumer Reports, AARP, the seniors’ lobbying group, and
America’s Health Insurance Plans, which represents major insurers such
as Aetna Inc.

So where are the “privacy advocates” in the above list? If they think
that CDT represents most privacy advocates, may I politely point out
that they don’t? CDT takes money from businesses, and their
recommendations tend to be a lot more business-friendly than privacy
organizations such as EPIC or the World Privacy Forum.

Privacy advocates do not speak with one voice. It may be fine for CDT,
but where are the strict prohibitions on certain uses of data without
express opt-in consent and the ability of the consumer to revoke
consent at any time? An audit trail can point to abuses, but it doesn’t
prevent them. Where are the real nuts and bolts of security and privacy
here? Where are breach definitions and statements about notification
and disclosure? And where are individual causes of action?

I look forward to seeing the details of these standards.

[Pogo Was Right.org]