McGraw: Public trust must be established to allow for more IT adoption
To establish greater public trust in health IT and health information exchanges (HIEs) and facilitate adoption of these technologies, a comprehensive privacy and security framework must be in place, Deven McGraw, director of the Health Privacy Project at Center for Democracy & Technology (CDT), stated before the Senate Committee on the Judiciary Subcommittee on Privacy, Technology and the Law.
“We are at an important juncture in the effort to build a healthcare ecosystem powered by IT,” she said, adding that the failure to build and maintain public trust in the collection and sharing of electronic health information will doom efforts to leverage health IT to promote innovation.
CDT is a nonprofit internet and technology advocacy organization that promotes public policies to preserve privacy in the digital age.
McGraw cited that survey data consistently show the public supports health IT but is concerned about the risks health IT poses to individual privacy, including statistics from a 2006 survey that found:
“Digital technologies, including strong user authentication and audit trails, can be employed to limit and track access to electronic health information automatically,” she said. “Electronic health information networks can be designed to facilitate data sharing among healthcare system entities for appropriate purposes without needing to create large, centralized databases that can be vulnerable to security breaches. Encryption and similar technologies can reduce the risk to sensitive data when a system is breached.”
Mentioning that the industry is in a better place today in building a foundation of trust needed than three years ago, McGraw called for:
“From traditional health entities to new developers of consumer-oriented health IT products to policymakers, all have an important role to play in ensuring a comprehensive privacy and security framework for the e-health environment,” she concluded.
To read the entire statement, click here.
“We are at an important juncture in the effort to build a healthcare ecosystem powered by IT,” she said, adding that the failure to build and maintain public trust in the collection and sharing of electronic health information will doom efforts to leverage health IT to promote innovation.
CDT is a nonprofit internet and technology advocacy organization that promotes public policies to preserve privacy in the digital age.
McGraw cited that survey data consistently show the public supports health IT but is concerned about the risks health IT poses to individual privacy, including statistics from a 2006 survey that found:
- 77 percent of Americans reported being very concerned about their medical information being used for marketing purposes
- 56 percent were concerned about employers having access to their health information.
“Digital technologies, including strong user authentication and audit trails, can be employed to limit and track access to electronic health information automatically,” she said. “Electronic health information networks can be designed to facilitate data sharing among healthcare system entities for appropriate purposes without needing to create large, centralized databases that can be vulnerable to security breaches. Encryption and similar technologies can reduce the risk to sensitive data when a system is breached.”
Mentioning that the industry is in a better place today in building a foundation of trust needed than three years ago, McGraw called for:
- Prompt release of final regulations to implement the HIPAA Privacy and Security Rule changes mandated by HITECH Act;
- Strengthened accountability through greater transparency about enforcement of privacy and security rules;
- Baseline privacy and security legal protections for personal health information not covered by HIPAA;
- Appropriate limits on downstream uses of health information by contractors or business associates;
- Strengthened accountability for implementing strong security safeguards like encryption; and
- Protections against re-identification of HIPAA de-identified data.
“From traditional health entities to new developers of consumer-oriented health IT products to policymakers, all have an important role to play in ensuring a comprehensive privacy and security framework for the e-health environment,” she concluded.
To read the entire statement, click here.