Legislation to advance the shared goal of Congress and President Bush to
establish a national health information technology (HIT) infrastructure within
10 years has raised objections from APA and other mental health
organizations.
APA has opposed the Wired for Health Care Quality Act (S 1693) over
concerns it would provide inadequate security and privacy protections for
patients. The bill is sponsored by Sen. Edward Kennedy (D-Mass.) and had 12
cosponsors at press time. Similar legislation (HR 3800) was introduced in
early October in the House by Rep. Anna Eschoo (D-Calif.) but has not yet
advanced.
"Carefully structured HIT development has the potential to raise the
overall quality of care provided to patients, inform health professionals of
the latest standards of care, and improve efficiency in electronic
communication of important health care information," the Mental Health
Liaison Group, which includes APA, wrote in a letter to the bill's sponsors."
But the potential of health information technology can only be realized
if health information privacy and security are keystones to such
development."
The Senate bill, approved by the Health, Education, Labor, and Pensions
Committee on August 1, would require government purchases of HIT to meet basic
standards on information exchange. A panel of government and private-sector
stakeholders—including a representative of patient or privacy advocacy
groups—would recommend the standards. A total of $278 million would be
authorized for Fiscal 2008 and 2009 for competitive matching grants to
regional and local HIT networks. The regional networks created under the
legislation would unite insurers, doctors, hospitals, and other health care
providers into a single HIT network that can share information. The grants
would be available for five years.
The measure is similar to two separate bills passed by both the House and
Senate in the previous Congress, but differences in the two bills were never
resolved.
Kennedy said that $140 billion would be saved annually through expanded HIT
use. Those savings could cut the cost of a family's health insurance by over
$700 a year.
Privacy advocates, including APA, raised concerns that digitizing health
records would leave patients open to violations of their privacy rights and
identity theft. The legislation would bring HIT databases under the
protections of an existing patient privacy law (PL 104-191). However, further
patient protections are needed, according to APA.
Additional provisions sought by APA include an acknowledgement of patients'
right to health information privacy, inclusion of a right of consent for the
disclosure of identifiable information in routine situations, requirement to
notify patients when their privacy is breached, and strong enforcement
measures for violations of privacy.
Also needed is continuous congressional involvement and approval of any
recommendations developed by the Office of the National Coordinator of Health
Information Technology or any public-private partnerships APA said.
"The many privacy breaches of electronic health information systems
that have occurred over the past two years underscore the merit of ensuring
that strong privacy protections be included in HIT legislation in order to
preserve the patient's and the public's trust and confidence in the health
delivery system," according to the letter.
The Senate bill's progress was slowed by privacy advocates in the Senate,
including Sen. Patrick Leahy (D-Vt.), who introduced an alternate HIT bill (S
1814). The Leahy bill includes many of the provisions APA sought in the
Kennedy bill, including the right of all individuals to inspect and copy their
own health records and to receive notice of the privacy practices of data
brokers and others who store this information in electronic databases. The
bill also prohibits the disclosure or use of health information without a
patient's authorization and requires patient notification of a health
information security breach within 15 days of discovery of the breach.
The bill also contains criminal and civil penalties for illegal disclosure
of HIT records and for companies that do not take adequate care in
safeguarding them.