Electronic Health Records: Privacy BarrierBy Ericka Chickowski | Posted 2008-06-30 Email Print
Many attribute slow uptake of electronic health records, or personal health records (PHR), as a sign of consumer mistrust of privacy practices and security technology.
Privacy a Major Barrier
Many factors still hinder the online health records movement, but none are as readily apparent as privacy and confidentiality issues. Markle’s survey, created by Columbia University Professor Emeritus Alan F. Westin and conducted by Knowledge Networks, found that among 1,500 members of the public, 53.6 percent were disinterested in using PHRs. Of those, privacy was the most frequently chosen reason.
Privacy has long been a delicate issue in health IT circles, which was why Congress acted in 1996 to push through the HIPAA (Health Insurance Portability and Accountability Act). Yet, for all its benefits, HIPAA has nary a whisper on the subject of online personal health records. The law is, after all, 10 years old.
"Some of the new services aren't covered under federal health information privacy laws, and there is uncertainty about privacy protections," Steve Findlay, health care analyst for Consumers Union, publisher of Consumer Reports, said at last week’s press conference on the Connecting for Health Common Framework release. "This collaboration lays out specific practices that all PHRs and related services can use, whether they are covered by federal privacy rules or not, so they can enhance public trust."
The Connecting for Health framework task force set aside the HIPAA debate and went back to the basics, by defining fundamental elements of privacy in the context of PHR and tailored online health services, says Dempsey of the Center for Democracy and Technology. Most importantly, the framework recommendations were written to be consumed by a range of audiences, including policy makers, system developers, health care providers, employers, insurance companies and consumers, he says.
“What this task force did was it took motherhood and apple pie principles─you've got to protect privacy, you ought to have security, you need to give notice to people about your practices─and translated them into 120 pages of detail,” Dempsey says.