Privacy
HEALTH IT: The Not-So-Private View from HHS
Earlier this week we posted our interview about the future of health IT with Carol Diamond of the Markle Foundation. (Part one, and part two). Today we'd like to point you to The Hill 's interview with Health and Human Services Secretary Mike Leavitt on the same topic.
Two points struck us. First, neither the article nor the full Leavitt transcript mentions the word "privacy"—a big issue both for policymakers and for the public who keep reading about nosy hospital staff, researchers who do sloppy things like leave laptops with patient records in the car, and thieves who steal credit card numbers and other financial identity information from medical records. Not insurmountable but essential if we're going to get the country on board with health IT. Second, Leavitt really depicted the health IT challenge primarily as a technology question involving interoperability (letting different computer systems talk to each other) while Markle's Connecting for Health program and conversations with some other experts have made us think about a far broader range of policy challenges that won't be solved only by the computer geeks.
HEALTH IT: Crime and Punishment (Please)
The Wall Street Journal had a great piece and blog item yesterday about Health IT and privacy breaches — we would have blogged about it then had we not, coincidentally, been out much of the day with some other think-tankers and foundation folks educating ourselves about that very topic. Among other things, the Journal article made the key point that privacy breaches are rarely prosecuted. That's not the right way to build public confidence in electronic health records.
Some 35,000 reports of privacy violations have been reported to the Department of Health and Human Services under HIPAA (Health Insurance Portability and Accountabilty Act) since 2003, but not a single civil fine has been levied, WSJ reported. HHS says several hundred reports of violations have been referred to the Department of Justice for criminal prosecution; about 200 cases have been filed although it's not clear how many of them were under HIPAA.
