Bush Administration has no overall strategy to protect patient privacy in electronic health records

The Bush administration has no overall strategy to ensure patient privacy as it promotes expanded use of electronic health records among insurers, doctors, hospitals and other health care providers, according to a recent Government Accountability Office report, the New York Times reports.

In 2004, President Bush said every U.S. resident should have an EHR by 2014, which could prevent "dangerous medical mistakes, reduce costs and improve care." However, according to the Times, the report found that the Bush administration "had a jumble of studies and vague policy statements but no overall strategy to ensure privacy protections" would be built into a national EHR system. Sen. Daniel Akaka (D-Hawaii), who requested the GAO investigation, said the report indicates that the Bush administration is "not doing enough to protect the privacy of confidential health information." He added that "more and more companies, health care providers and carriers are moving forward with health information technology without the necessary protections." Mark Rothstein, professor of law and medical ethics at the University of Louisville School of Medicine and chair of a panel that advises the government on health information policy, said HHS lacks "a sense of urgency" about the issue of health privacy. He added that "time is of the essence" because many private companies, such as Wal-Mart and Intel, are "racing ahead" to establish medical record banks and health information exchanges that they say will have "stringent privacy policies and procedures." Rothstein said Congress should not continue to fund a nationwide health information network until the administration does more to protect patient privacy. He added, "If privacy protections are not built into the network, people will not trust it. They won't participate, or they will opt out if they are allowed to." Robert Kolodner, who coordinates work on IT at HHS, said his department is "very committed to privacy and security as it works toward the president's goal" (Pear, New York Times, 2/18).

An abstract of the GAO report is available online.

Opinion Piece
Eleven years since the enactment of the Health Insurance Portability and Accountability Act, "we still don't have a free flow of information and computer system interoperability that the law was supposed to foster, but we do have the hassle and expense of dealing with the privacy parts," physician Benjamin Brewer writes in a Wall Street Journal column. "Initially, I was hopeful that the complexity and cost of the privacy provisions would be made up for by easier flow of critical information" promised by HIPPA, Brewer writes. He continues, "From my perspective it hasn't worked out so well," adding, "I face bureaucracy -- bureaucracy that the letter of the law doesn't require -- with virtually every hospital and health care entity I deal with" (Brewer, Wall Street Journal, 2/19).