McGraw: Public trust must be established to allow for more IT adoption

To establish greater public trust in health IT and health information exchanges (HIEs) and facilitate adoption of these technologies, a comprehensive privacy and security framework must be in place, Deven McGraw, director of the Health Privacy Project at Center for Democracy & Technology (CDT), stated before the Senate Committee on the Judiciary Subcommittee on Privacy, Technology and the Law.

“We are at an important juncture in the effort to build a healthcare ecosystem powered by IT,” she said, adding that the failure to build and maintain public trust in the collection and sharing of electronic health information will doom efforts to leverage health IT to promote innovation.

CDT is a nonprofit internet and technology advocacy organization that promotes public policies to preserve privacy in the digital age.

McGraw cited that survey data consistently show the public supports health IT but is concerned about the risks health IT poses to individual privacy, including statistics from a 2006 survey that found:
  • 77 percent of Americans reported being very concerned about their medical information being used for marketing purposes
  • 56 percent were concerned about employers having access to their health information.

“Digital technologies, including strong user authentication and audit trails, can be employed to limit and track access to electronic health information automatically,” she said. “Electronic health information networks can be designed to facilitate data sharing among healthcare system entities for appropriate purposes without needing to create large, centralized databases that can be vulnerable to security breaches. Encryption and similar technologies can reduce the risk to sensitive data when a system is breached.”

Mentioning that the industry is in a better place today in building a foundation of trust needed than three years ago, McGraw called for:
  • Prompt release of final regulations to implement the HIPAA Privacy and Security Rule changes mandated by HITECH Act;
  • Strengthened accountability through greater transparency about enforcement of privacy and security rules;
  • Baseline privacy and security legal protections for personal health information not covered by HIPAA;
  • Appropriate limits on downstream uses of health information by contractors or business associates;
  • Strengthened accountability for implementing strong security safeguards like encryption; and
  • Protections against re-identification of HIPAA de-identified data.

“From traditional health entities to new developers of consumer-oriented health IT products to policymakers, all have an important role to play in ensuring a comprehensive privacy and security framework for the e-health environment,” she concluded.

To read the entire statement, click here.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.