Currently, HR 2991 is stalled in the Health Subcomittees of the House Ways and Means and House Energy and Commerce. One might assume the House is waiting to attach it to a bigger bill.
That would be a mistake. First, it's likely that whatever it gets attached to is more contoversial, while HR 2991 is not and can stand on its own. Second, if there is a need to modify an aspect of HR 2991 in the future, then it won't be considered a risk for opening some larger can of worms.
Thursday, February 21, 2008
Why do we need IHRTs?
There is a lot of effort going into enabling the exchange of health information. Better exchange of health information can lead to better quality of care for the individual, improvements in the processes revolving around care, and quality improvements resulting of aggregation of health data at the regionals and national level. When there is an increase in quality there may also be an opportunity to reduce cost.
Google, Microsoft, WebMD, and others you're familiar with: They are already trying to access a peice of that pie. But the number of companies engaging in public/private initiatives across the country is large and growing. Without appropriate legislation, there may be opportunities for abuse of your health information far beyond what you've experienced with credit card fraud. Will legislation make you safe? No, but it is better to start off with legislation, than to add it as an afterthought. People are already voluntarily entering health profile data in Google. I hope they are reading that fine print! With appropriate laws, we won't have to rely on the fine print nearly as much.
Participation in IHRTs by patients, doctors, and other providers, should remain voluntary. To improve quality and lower cost, participation should not be disuaded by concerns over security.
Google, Microsoft, WebMD, and others you're familiar with: They are already trying to access a peice of that pie. But the number of companies engaging in public/private initiatives across the country is large and growing. Without appropriate legislation, there may be opportunities for abuse of your health information far beyond what you've experienced with credit card fraud. Will legislation make you safe? No, but it is better to start off with legislation, than to add it as an afterthought. People are already voluntarily entering health profile data in Google. I hope they are reading that fine print! With appropriate laws, we won't have to rely on the fine print nearly as much.
Participation in IHRTs by patients, doctors, and other providers, should remain voluntary. To improve quality and lower cost, participation should not be disuaded by concerns over security.
What is an Independent Health Record Trust?
There is much confusion over the definition of an Independent Health Record Trust. First, HR 2991 does not define trusts as data banks, either centralized or federated. The bill leaves implementation of a trust to various solutions. Yet, you'll find interpretations of the bill stating, incorrectly, that it establishes one or multiple data banks.
The bill's most technical wording is "nationwide health information technology network" and in the rest of the document establishes that such a network would consist of independent trusts.
In information technology, a Trust defines a secure relationship. The bill adds that the Trust is charged with fiduciary responsibility. In the context of HR 2991, a viable and practical implementation of a Trust could utilize a federated security model to guard indices to health data contained in medical records, profiles, etc. There is no need to start gathering up all the data. That would be difficult, to say the least.
The bill's most technical wording is "nationwide health information technology network" and in the rest of the document establishes that such a network would consist of independent trusts.
In information technology, a Trust defines a secure relationship. The bill adds that the Trust is charged with fiduciary responsibility. In the context of HR 2991, a viable and practical implementation of a Trust could utilize a federated security model to guard indices to health data contained in medical records, profiles, etc. There is no need to start gathering up all the data. That would be difficult, to say the least.
What is a Health Record?
As defined by the Agency for Health Record Quality (ahrq.gov), A "health record" is understood to be a collection of records concerning your health. It includes "medical records", which are those records held by hospitals (emergency records, radiology records, admissions records, etc...), doctors offices, clinics, insurance companies, etc. If you create a Google Health Profile or a Medstory Profile (purchased by Microsoft), or WebMD Profile if and when that becomes available, it too could logically be part of your health record.
HR 2991 establishes that it is the patient who should maintain control over access to a health record by establishing the concept of a Health Record Trust -- basically, a framework for establishing trust relationships between individuals and those who would access health data.
HR 2991 establishes that it is the patient who should maintain control over access to a health record by establishing the concept of a Health Record Trust -- basically, a framework for establishing trust relationships between individuals and those who would access health data.
Tuesday, February 19, 2008
No Philosophical Barriers
From my vantage point, I can see no reason to oppose HR 2991 regardless of your political leanings or otherwise.
It doesn't favor any particular party Democrat or Republican.
I don't think it favors any economic philosophy: whether you prefer nationalized or free market health systems. It should be compatible with either.
It doesn't favor any particular technology. It just sets policy.
It doesn't favor any particular party Democrat or Republican.
I don't think it favors any economic philosophy: whether you prefer nationalized or free market health systems. It should be compatible with either.
It doesn't favor any particular technology. It just sets policy.
Can't Un-Mix the Egg!!
Currently, trade groups from the Health Care and IT industries are pushing new legislation (H.R. 3800 "Promoting Health Information Technology Act" and H.R. 1693 "Wire for Health Care Quality Act") that would expand the interoperability of health systems (read as access to your health records!). The privacy provisions of these bills are very weak! Their other qualities may or may not be good. I did not review them from any perspective but privacy and security. From those perspectives, they do not measure up to HR 2991 "Independent Health Records Trust Act" whose sole purpose is privacy and security.
Reason for acting on HR 2991 NOW: Once this egg is mixed it may be impossible to un-mix!! Retroactively implementing security policy could be extremely difficult and may require relaxation of the would-be provisions of HR 2991 as compared with making these guarantees up front!
Studies by the Markle Group (www.markle.org) strongly suggest that policy issues in health IT easily become legal entanglements (so IT issues become settled by lawyers--not good). Security & privacy policy must be strong and comprehensive before broadly implementing health record technology.
Reason for acting on HR 2991 NOW: Once this egg is mixed it may be impossible to un-mix!! Retroactively implementing security policy could be extremely difficult and may require relaxation of the would-be provisions of HR 2991 as compared with making these guarantees up front!
Studies by the Markle Group (www.markle.org) strongly suggest that policy issues in health IT easily become legal entanglements (so IT issues become settled by lawyers--not good). Security & privacy policy must be strong and comprehensive before broadly implementing health record technology.
Will we end up saying "It's too bad..."?
It's too bad congress could not foresee the potential for credit card fraud prior to the massive dissemination of credit cards and set governing policy that protects privacy and security...
It's too bad congress could not foresee the potential for social security fraud and set appropriate governing policy before the massive dissemination of social security IDs...
It's too bad congress could not foresee the potential for health record fraud and set appropriate governing policy before the massive aggregation of personal health records...Wait a minute! We can foresee this potential!
The question is will congress listen?
Will we end up saying "It's too bad..."?
It's too bad congress could not foresee the potential for social security fraud and set appropriate governing policy before the massive dissemination of social security IDs...
It's too bad congress could not foresee the potential for health record fraud and set appropriate governing policy before the massive aggregation of personal health records...Wait a minute! We can foresee this potential!
The question is will congress listen?
Will we end up saying "It's too bad..."?
Subscribe to:
Posts (Atom)