Carnegie Mellon Professor Latanya Sweeney, who has written extensively about “anonymization” of data and the ability for people to “de-anonymize” data, writes an opinion column in Modern Healthcare about medical privacy issues related to systems of electronic health records (a.k.a. health IT).
From my son’s pediatrician to my father’s specialist, physicians are talking about electronic health records. Widespread EHR adoption is a goal of the American Recovery and Reinvestment Act of 2009, which provides financial compensation to healthcare providers and hospitals for meaningful uses of EHRs in years 2011 to 2015.
If successful, the ARRA will ignite a mass exodus from a prehistoric paper age into a tech-savvy networked cosmos called the Nationwide Health Information Network in which patient information flows seamlessly across computers, devices, organizations and locations as needed. For lasting success, special care must be taken to allow widespread sharing of patient information while protecting patient privacy, and that brings into question the recently released list of requirements from the CMS that include no privacy incentives and the current NHIN approaches from the Office of the National Coordinator that lack privacy and utility. […]
Technical bliss also requires the NHIN keep patient information confidential. Privacy is essential to doctor-patient trust allowing patients to freely communicate intimate behaviors and details to physicians and physicians to freely store related facts and notes. A significant loss of privacy in the NHIN will render it useless and can cause serious personal harm as patients opt out and doctors find unforeseen ways to hide sensitive patient information. The ARRA specifies numerous requirements for patient privacy protection, yet the CMS list of meaningful uses for 2011 includes no privacy incentives. […]
With only months remaining before early adopters start using new and retooled EHRs to qualify for compensation in 2011, the time seems ripe to examine privacy and the NHIN and seek corrective action.
The current approach to NHIN design is “let a thousand flowers bloom.” Regional and state groups receive financial support from the ONC but are left alone to navigate the immature technical terrain and make isolated decisions. The lack of overall architectural coordination promises autonomous local NHINs that are not likely to interoperate and can expose patient information to different hazards. […]
With few months remaining and a desire that EHR adoption be successful and long-lasting, I propose an intervention. Develop a “flowerpot,” a single conceptual NHIN defined by trust invariants based on stakeholder barriers (e.g. patient privacy and provider liability). A local NHIN participates in the flowerpot only if a risk assessment proves its implementation satisfies constraints. Then, no matter the services or technical architecture deployed by local NHINs, the overall flowerpot of NHINs gives universal responsible guarantees to patients, providers and other stakeholders. So, “let a thousand flowers bloom” … in a single flowerpot!