First Things First!! -- Privacy assurances must come first!

When a business sets policy regarding information technology it is best advised to do so without specifying technical solutions. Instead, the policy makers for that business set guidelines for what the technology is to acheive and how it should be constrained. When our legislators set policy regarding information technology, the need to follow this practice is is hightened since that policy becomes the law of the land. When legislators fail to abide by this practice, you end up with bad policy like FISA (the 1978 Foreign Intelligence Surveillance Act). FISA is bad because it specifies technology--outdated circuit-based technology--directly in law. Now, FISA is very difficult to interpret, and is the source for serious debates over surveillance effectiveness and privacy.

Currently, there are massive efforts to harness health information technology. The objectives overlap: decreasing cost, increasing quality, identifying profit opportunities, enabling better management of personal health information, and more. Each U.S. Senator, including some with aspirations of higher office, wants to be the first to put their name on legislation that somehow taps into those efforts. They have not learned from past mistakes and will unwittingly put your security and privacy at risk.

HR 2991, The Independent Health Record Trust Act, abides by the policy practice mentioned above. Its aim is to acheive privacy and security in health IT and place constraints on those efforts already underway.