The Internet Ahead

In today’s post, we’ll continue the analysis of Obama’s guarantees of online privacy rights to American citizens.  Specifically, we will discuss the commitment to protect sensitive online health data that will be increasingly important as the President-elect attempts to reform the health care system.

Privacy Issues:  Electronic Health Records

The digitization of health records is an key part of President-elect Obama’s health care plan, as it will help to reduce costs while minimizing errors and improving the standard of care in the U.S.  However, this idea comes with many new risks of its own:  Not only can online/electronic records leave patients susceptible to general abuse, misuse, or theft of their data, but it also specifically could allow for discrimination in insurance or care.  Thus, it is important that the Obama administration acts proactively to safeguard such important information.

Luckily, the transition has already yielded positive results for the privacy of medical records.  On December 15, the Department of Health and Human Services released a document entitled “Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information,” providing guidelines for the protection of electronic records.  The document includes 8 key principles for the usage of these documents:

1. Individual access:  Individuals should be offered a reasonable and simple means of access to their health information.
2. Correction:  Individuals should be provided with a means to correct erroneous health information.
3. Openness and Transparency
4. Individual Choice:  Individuals should be given the opportunity to make decisions about the “collection, use, and disclosure” of their health information.
5. Collection, Use, and Disclosure Limitation:  Health information should be collected, used, and disclosed only to “the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately”.
6. Data Quality and Integrity
7. Safeguards:  Medical records should be protected with technical and physical safeguards that prevent unauthorized abuse or disclosure.
8. Accountability:  Sufficient monitoring mechanisms should be used to ensure that the principles are followed.

Additionally, the Department released other documents applying the 1996 Health Insurance Portability and Accountability Act (HIPAA) to the future of electronic records.  While many software companies have argued that this act is sufficient to protect the privacy of health records, many other individuals are still concerned that it doesn’t go far enough and should be reformed to take into account the rapid changes occurring in technology. 

Recommendations 

This concern of privacy advocates is legitimate, and the Obama administration should address it before moving forward with the President-elect’s plans to use electronic health care records.  A few issues regarding HIPAA are of particular concern.  

First, the Act allows the disclosure of private health data—without consent—for “treatment, payment, or health-care operations.”  This is done without notifying the patient in any way, and should be changed so that individuals have greater control over how their personal information is used.  President-elect Obama has begun to address this issue through the “Individual Choice” principle, but should continue to do so by reforming the HIPAA.  

Additionally, the Center for Democracy and Technology notes that the HIPAA only applies to health entities.  As President, Obama should strengthen the Act for the new electronic records, but he should not merely extend these rules to non-health entities; the HIPAA would not address all of the additional potential privacy problems of employers and Internet companies that would also hold electronic medical records.  Instead, new laws must be tailored to these other groups that will have access to private health information.  

This is particularly important when one considers the potential for health discrimination.  Privacy and patient advocates point out that individuals should have greater control over what medical information employers and insurers have access over to prevent employment or coverage discrimination (i.e. not hiring someone with a terminal disease or charging higher premiums to someone genetically predisposed to having cancer).  Right now, forms of discrimination such as medical underwriting (when coverage is selectively provided on the basis of health) are prohibited by the HIPAA, but the law would not work when employers or insurers themselves were the ones holding the information.  The Obama administration should work to supplement this law.

Provided that President-elect Obama works to protect and enforce privacy laws while he attempts to fix the health care industry, electronic medical records with be a giant step forward.  However, if he fails to carry out the HHS’s 8 principles or does not take the above-mentioned steps to improve the HIPAA, electronic health information will become a dangerous issue in and of itself.