Friday, December 10, 2010

Don't Worry, the Feds Say Your Medical Information Will Be Kept Absolutely Private

With the planned burgeoning of health IT nationally and the formation of information "exchanges", ensuring information privacy, confidentiality and security become paramount. Systematic threats to medical privacy, confidentiality and security could do significant damage to our Republic.

Yet, according to Modernhealthcare.com in "Looking to loosen privacy rules in Calif." (Dec. 7, 2010):

The head of a federal privacy and security advisory committee and a lawyer for a prominent consumer affairs organization are scheduled to press California officials this week to revise that state's health information exchange (HIE) guidelines [which have strong opt-in consent requirements -ed.] to conform to less-stringent federal privacy recommendations.

Joseph Conn, author of the article relates:

Deven McGraw, director of the Health Privacy Project at the Center for Democracy & Technology, a Washington think tank, and Mark Savage, a San Francisco-based lawyer for Consumers Union [McGraw is also an appointee to a prominent role in the federally charted HHS Health IT Policy Committee; see below - ed.], are to participate via telephone Thursday in a meeting of the California Privacy and Security Advisory Board [CalPSAB].

Here's the problem:

The CalPSAB advises the state's health secretary on healthcare privacy and security policy. Given the traditional leadership role that California plays in the healthcare industry, the board's recommendations could influence how patient consent is handled in electronic health information exchanges nationwide.

Why these recommendations? To satisfy the needs of the reckless rush to national health IT:

McGraw, a lawyer, is a member of the federally charted Health IT Policy Committee, created pursuant to the American Recovery and Reinvestment Act of 2009 to advise the Office of the National Coordinator for Health Information Technology at HHS. McGraw also serves on five work groups or subcommittees of the Health IT Policy Committee. She is chairwoman of its privacy and security workgroup and co-chairwoman of its privacy and security tiger team. [The name "tiger team" makes me wonder who's going to get mauled - ed.]

McGraw and Savage sent a letter Oct. 6 to California Health and Human Services Sec. S. Kimberly Belshe along with a copy of the tiger team's recommendations on privacy and security for health information exchange originally sent to ONC head David Blumenthal on Aug. 19. They also sent Belshe a 10-page "briefing paper" summarizing those recommendations and a follow-up letter Dec. 5.

The briefing paper urged California to "adopt a comprehensive framework of privacy protections such as that recommended by the tiger team." [I.e., that are less stringent than California's - ed.]

They threw a little fear into their recommendations:

The brief also warned that with the first stage of a federal IT incentive program beginning soon, without a consent policy in place, "California's privacy and security framework for patient health information cannot be completed." Furthermore, if that framework isn't completed, the brief asserted, "eligible providers cannot achieve the meaningful-use criteria and benefit from the substantial federal reimbursements."

In other words, "The feds have rushed you to such a point that you cannot possibly have enough time to seriously consider and put into place rigorous privacy regulation, so adopt our 'tiger team' recommendations (or you ain't gonna get money from the feds)."

This is not reassuring.

Among other issues, it seems another example, as in HITECH itself, of the Federal Government setting timelines and policies and using the "fear, uncertainty and doubt" (FUD) principle to manipulate and strong-arm the States into ceding their rights to regulate healthcare. Such Federal overreach seems to be common these days.

Only now, due to the nature of the data involved, this gets personal.

Listen to us, we're the Tiger Team!

Of course, there's always plausible deniability:

Officially, the ONC is not a party to the push by McGraw and Savage to leverage the federal tiger team's work in California, according to the ONC. Asked whether the ONC was aware of and supports the efforts of McGraw in California, spokeswoman Nancy Szemraj said, "We have no knowledge of this letter."

Again, not very reassuring or credible, considering:

1) as above, that McGraw and Savage sent a letter Oct. 6 to California Health and Human Services Sec. S. Kimberly Belshe along with a copy of the tiger team's recommendations on privacy and security for health information exchange originally sent to ONC head David Blumenthal on Aug. 19.

and:

2) McGraw's role on five work groups or subcommittees of the Health IT Policy Committee:

Health IT Policy Committee (A Federal Advisory Committee)

The Health IT Policy Committee will make recommendations to the National Coordinator for Health IT on a policy framework for the development and adoption of a nationwide health information infrastructure, including standards for the exchange of patient medical information. The American Recovery and Reinvestment Act of 2009 (ARRA) provides that the Health IT Policy Committee shall at least make recommendations on standards, implementation specifications, and certifications criteria in eight specific areas.

-- SS

Addendum Dec. 10, 2010:

This post generated a comment containing a significant logical fallacy, apparently from Harley Geiger, staff counsel of the CDT (Center for Democracy and Technology) which is one of the key actors mentioned in the Modern Healthcare story. The comment and my comment back can be seen in the comments section at this post.

If the comment was truly from Mr. Geiger, I would be even less confident than before that an organization whose staff counsel will not or cannot proffer a logically coherent argument will protect our precious freedoms.

-- SS