AAFP Technology Expert Calls for Standard Rules, Regulations

The federal government needs to develop a uniform policy for protecting the confidentiality and security of electronic personal health records, or PHRs, before the current system of data management becomes even more unmanageable and difficult to navigate, said a senior adviser to the AAFP during testimony before a government subcommittee here on April 17.

David C. Kibbe, M.D., M.B.A., senior adviser to the AAFP's Center for Health Information Technology, or CHiT, said there is "widespread confusion and even some apprehension about the privacy and confidentiality" of PHRs and other electronic systems, such as electronic health records, or EHRs, and electronic medical records, or EMRs. Kibbe, testifying before the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics, said the United States operates under a "patchwork quilt of state and federal legislation and regulatory guidance about privacy."

Read Kibbe's statement on behalf of the Academy (PDF file: 4 pages / 344 KB. More about PDFs.) on the AAFP Web site.

The privacy rules under the Health Insurance Portability and Accountability Act, or HIPAA, apply only to certain organizations, further fragmenting rules and regulations that govern electronic medical records and health systems, Kibbe noted. In many instances, the laws and rules are "industry-specific and variable with respect to the kind of personal information being considered," he said, adding that "in no other industry is the issue of privacy of personal information more in need of a thorough revisiting."

Government officials still are unable to answer several basic questions, such as who owns the data, who can access it and when, and under what restrictions or rules of confidentiality they can access it, Kibbe said. He also asked whether consumers have the right to withhold health information from their medical providers.

"We believe that a lack of answers to these questions has become a significant barrier to the ongoing adoption of health information technology by our physician members," he said. "We in this country do not have a uniform set of answers to these, and many related problems."

Kibbe called for an "end to this confusing and unworkable situation. We need a comprehensive and uniform approach to privacy, the protection of confidentiality and the security of personal health information." He said the federal government should "fundamentally reform" its approach to privacy by adopting the following four principles: