Professional News
Government Not Doing Enough to Ensure Medical-Record Privacy
Psychiatric News
Volume 43 Number 21 page 10-10

The federal government needs to do more to ensure privacy and confidentiality in any national electronic health information network that is developed.

In particular, the Office of the National Coordinator for Health Information Technology needs to develop a process for assessing the myriad privacy concerns of different stakeholders and for determining how all of those concerns will be addressed in an overall strategy for ensuring privacy and confidentiality, according to a report by the Government Accountability Office (GAO) released in September.

The Department of Health and Human Services' (HHS) "privacy approach does not include a defined process for assessing and prioritizing the many privacy-related initiatives to ensure that key privacy principles and challenges will be fully and adequately addressed," according to the report. "As a result, stakeholders may lack the overall policies and guidance needed to assist them in their efforts to ensure that privacy protection measures are consistently built into health information technology programs and applications. Moreover, the department may miss an opportunity to establish the high degree of public confidence and trust needed to help ensure the success of a nationwide health information network."

In January 2007, the GAO issued a report on protecting the privacy of electronic health information that asked HHS to identify milestones and assign responsibility for integrating the outcomes of its privacy-related initiatives, ensure that key privacy principles are addressed, and address key challenges associated with the nationwide exchange of health information.

The new GAO report noted that HHS has undertaken some important steps. They include the following:

In addition, the secretary of HHS released a federal health information technology strategic plan in June that includes privacy and security objectives, along with strategies and target dates for achieving them.

But HHS needs to do more, the GAO said.

"In particular, the department has not defined a process for ensuring that all privacy principles and challenges will be fully and adequately addressed," the GAO stated. "This process would include, for example, steps for ensuring that all stakeholders' contributions to defining privacy-related activities are appropriately considered and that individual inputs to the privacy framework will be effectively assessed and prioritized to achieve comprehensive coverage of all key privacy principles and challenges.

"Such a process is important given the large number and variety of activities being undertaken and the many stakeholders contributing to the health information technology initiatives. In particular, the contributing activities involve a wide variety of stakeholders, including federal, state, and private-sector entities."

"HHS Has Taken Important Steps to Address Privacy Principles and Challenges, Although More Work Remains" is posted at<www.gao.gov/new.items/d081138.pdf>. Information about the Certification Commission for Healthcare Information Technology is posted at<www.cchit.org>.

Interactive Graphics


Citing articles are presented as examples only. In non-demo SCM6 implementation, integration with CrossRef’s "Cited By" API will populate this tab (http://www.crossref.org/citedby.html).
Related Articles