The federal government needs to develop a uniform policy for protecting the confidentiality and security of electronic personal health records, or PHRs, before the current system of data management becomes even more unmanageable and difficult to navigate, said a senior adviser to the AAFP during testimony before a government subcommittee here on April 17.
AAFP Technology Expert Calls for Standard Rules, Regulations
By James Arvantes
4/24/2007
David C. Kibbe, M.D., M.B.A., senior adviser to the AAFP's Center for Health Information Technology, stresses the importance of protecting personal health information during testimony before a government subcommittee.
David C. Kibbe, M.D., M.B.A., senior adviser to the AAFP's Center for Health Information Technology, or CHiT, said there is "widespread confusion and even some apprehension about the privacy and confidentiality" of PHRs and other electronic systems, such as electronic health records, or EHRs, and electronic medical records, or EMRs. Kibbe, testifying before the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics, said the United States operates under a "patchwork quilt of state and federal legislation and regulatory guidance about privacy."
Read Kibbe's statement on behalf of the Academy (PDF file: 4 pages / 344 KB. More about PDFs.) on the AAFP Web site.
The privacy rules under the Health Insurance Portability and Accountability Act, or HIPAA, apply only to certain organizations, further fragmenting rules and regulations that govern electronic medical records and health systems, Kibbe noted. In many instances, the laws and rules are "industry-specific and variable with respect to the kind of personal information being considered," he said, adding that "in no other industry is the issue of privacy of personal information more in need of a thorough revisiting."
Government officials still are unable to answer several basic questions, such as who owns the data, who can access it and when, and under what restrictions or rules of confidentiality they can access it, Kibbe said. He also asked whether consumers have the right to withhold health information from their medical providers.
"We believe that a lack of answers to these questions has become a significant barrier to the ongoing adoption of health information technology by our physician members," he said. "We in this country do not have a uniform set of answers to these, and many related problems."
Kibbe called for an "end to this confusing and unworkable situation. We need a comprehensive and uniform approach to privacy, the protection of confidentiality and the security of personal health information." He said the federal government should "fundamentally reform" its approach to privacy by adopting the following four principles:
Read Kibbe's statement on behalf of the Academy (PDF file: 4 pages / 344 KB. More about PDFs.) on the AAFP Web site.
The privacy rules under the Health Insurance Portability and Accountability Act, or HIPAA, apply only to certain organizations, further fragmenting rules and regulations that govern electronic medical records and health systems, Kibbe noted. In many instances, the laws and rules are "industry-specific and variable with respect to the kind of personal information being considered," he said, adding that "in no other industry is the issue of privacy of personal information more in need of a thorough revisiting."
Government officials still are unable to answer several basic questions, such as who owns the data, who can access it and when, and under what restrictions or rules of confidentiality they can access it, Kibbe said. He also asked whether consumers have the right to withhold health information from their medical providers.
"We believe that a lack of answers to these questions has become a significant barrier to the ongoing adoption of health information technology by our physician members," he said. "We in this country do not have a uniform set of answers to these, and many related problems."
Kibbe called for an "end to this confusing and unworkable situation. We need a comprehensive and uniform approach to privacy, the protection of confidentiality and the security of personal health information." He said the federal government should "fundamentally reform" its approach to privacy by adopting the following four principles:
- apply standards uniformly and consistently to people, organizations and entities who collect, store, manage and transmit health data;
- allow patients to control access to the specific content of their health records by making them custodians or stewards of their own data;
- clearly and consistently spell out, for the benefit of the patient, any limitations to that right of information access and control over access that are required based on such factors as the age of the information, the nature of the conditions or treatment and that information's relationship to issues of public health, and national security -- this should be done when the patient provides consent for the release of information; and
- impose serious penalties when illegal disclosures of private and confidential information occur.
Government & Medicine
AAFP Applauds House Passage of SGR Bill
AAFP Puts Muscle Behind Support for Bill to Fix SGR Formula
AAFP Continues to Press Congress on Health Care Reform
AAFP Letter to House Speaker Expresses Support for Reform Legislation
MedPAC Members Call RBRVS System Subjective, 'Deeply Flawed'
AAFP Leaders Make Case for Family Medicine in Capitol Hill Visits
Legislation Providing Permanent SGR Fix Dies in Senate
Legislation Could Fix SGR Formula
AAFP Supports Rural Physician Legislation
AAFP Leaders, Obama Discuss Health Care Reform in White House Meeting
AAFP President Praises Senate Bill, But Has Some Concerns
Physician Groups Call On Congress to Replace SGR
Obama Rallies Health Care Reform Support
Monday Last Opportunity to Comment on Fee Schedule
Primary Care Key Component of Health Care Reform
AAFP Leaders Engage White House Officials on Reform
Roundtable on Reform Spotlights Primary Care
AAFP Comments on Physician Fee Schedule
Stimulus Funds Help Health Centers
Medicaid EHR Bonus Provides Stimulus
Final Approval Lacking for Medical Home Project
AAFP Board Chair Makes Case for Health Care Reform on Capitol Hill
FP Praises Health IT Bill in Congressional Testimony
Obama Pushes for Health Care Reform in Prime Time News Conference
PCPCC: Feds Call Primary Care 'Fundamental' to Reform
Related News Stories
AAFP Shapes Federal Legislation on Information Technology
(3/14/2007)
HHS Expands Role of EHR Certification Body
(11/30/2006)
EHR Products Certified: HHS Secretary Touts Value of Health IT Certification
(7/19/2006)
Health Info Tech Will Transform U.S. Health Care System
(9/19/2005)
More From AAFP
Electronic Health Records: The 2007 FPM User-Satisfaction Survey
EHR 101 -- Introduction to Electronic Health Records
Policy on Data Stewardship
AAFP Shapes Federal Legislation on Information Technology
(3/14/2007)
HHS Expands Role of EHR Certification Body
(11/30/2006)
EHR Products Certified: HHS Secretary Touts Value of Health IT Certification
(7/19/2006)
Health Info Tech Will Transform U.S. Health Care System
(9/19/2005)
More From AAFP
Electronic Health Records: The 2007 FPM User-Satisfaction Survey
EHR 101 -- Introduction to Electronic Health Records
Policy on Data Stewardship