Lively Debate at HIPAA Summit at Harvard

By Neil Versel

August 19, 2008 | CAMBRIDGE, Mass.—Are patient privacy rules effective? The answer is not a simple yes or no.

“It’s working, but it’s got a ways to go,” suggests William Braithwaite, chief medical officer of San Diego-based security and identity management company Anakam. He says that current federal and state privacy rules generally do not address new technologies such as mobile Internet access and personal health records (PHR) platforms.

Deborah Peel, founder and chair of Patient Privacy Rights and the affiliated Coalition for Patient Privacy, begs to differ. She says the August 2002 amendments to the original HIPAA privacy rule effectively eliminated the patient’s right to consent to the use of protected health information by adding permission to share such data for “treatment, payment, and health care operations.”

Braithwaite, known as “Doctor HIPAA” because he helped draft the rules last decade when he was a senior advisor on health-IT policy in the Department of Health and Human Services (HHS), and Peel were part of a lively roundtable discussion and debate Tuesday morning at the Sixteenth National HIPAA Summit and related Privacy Symposium on the Harvard University campus.

Joining them on the panel were Karen Grant, chief privacy officer at Partners Healthcare System in Boston, and Linda Sanches, senior advisor for HIPAA privacy outreach and training in the HHS Office for Civil Rights. Jodi Daniel, director of the Office of Policy and Research in the Office of the National Coordinator for Health Information Technology, participated via telephone.

Peel believes a stronger privacy law that requires patient consent could promote data exchange between health care entities that currently are wary of sharing information with competitors. “The consent tool can really enable regional data exchange,” says Peel, an Austin, Texas, psychiatrist.

“The person who can really move the data safely is in the consumer,” according to Peel. “We can be pinged on our cell phones if someone we don’t know wants access to our data.

Sanches says health care professionals and the public alike may mistakenly believe HIPAA enforcement has been lax because HHS has imposed few monetary penalties. “We see enforcement as the improvement of privacy activities among covered entities,” she says.

“That normally requires them to take drastic action,” Sanches says. She notes that people have been disciplined for taking unauthorized looks at the medical records of celebrities, such as the more than two dozen employees at Palisades Medical Center in New Jersey were suspended last year for peeking at the records of actor George Clooney.

But Peel says that health care organizations generally only take action when there is a high-profile breach such as with Clooney because electronic health records (EHRs) systems are set up to follow the HIPAA requirement that there be an audit trail of who viewed protected health information and when. EHRs, she argues, generally do not take proactive steps to prevent unauthorized access to specific records by people who have network passwords.

In fact, according to Peel, EHR vendors, which often are not covered entities under HIPAA, routinely aggregate and sell patient data without patient consent. “It is cheaper to have a consent-management tool than to search retroactively for needles in a haystack,” Peel says.

Braithwaite says it is unfair to blame vendors as a bunch because products and security protocols vary greatly. “You can’t make a blanket statement like that. It’s ridiculous,” he contends.

And so the debate continues.



Click here to log in.


Add Comment

Text Only 2000 character limit

Page 1 of 1

White Papers & Special Reports

Wiley Chem Planner Synthesis Solved
Sponsored by Wiley

SGI and Intel
HPDA for Personalized Medicine
Sponsored by SGI and Intel

Life Science Webcasts & Podcasts

medidata_podcast_Sites and Sponsors: Mending Bridges over Troubled Waters  
Sites and Sponsors: Mending Bridges over Troubled Waters
Sponsored by Medidata Solutions Worldwide

This podcast brings together two industry leaders to focus on the issues that divide sponsors and sites. On the one hand sites and sponsors unite in advancing better health care through a common passion for developing better drugs. Yet some issues divide them and bridges need to be built or mended to advance the highest levels of cooperation, coordination and success in clinical trials. Listen as the key issues are debated from the site and the sponsor side and new methods and technology are advanced that offer near-term and lasting solutions.

• Common ground in reaching agreement on a budget

• Improving the pace of agreement on budgets and contracts

• Processes for payment to sites on a timely basis

Listen Now  

More Podcasts

Job Openings

For reprints and/or copyright permission, please contact Angela Parsons, 781.972.5467.