The sobering words were spurred by a report by the United States Government Accountability Office that states the Department of Health and Human Services lacks a clear plan to protect patient privacy as the use of health information technology expands. It concluded that HHS had not yet defined basic privacy principles or determined how to integrate work from several groups that are currently assessing privacy issues. The report listed several workgroups established to explore policy issues, but recommended a more integrated approach.
HHS officials argued that GAO was not considering the need for flexibility, and that individual state regulations and policies make establishing broader policies more difficult. It also stated that its approach already was integrated. However, other reports have also called for a need for more integrated efforts, particularly in the establishment of a National Health Information Network. In addition, the GAO reports that the Secretary of Veterans Affairs concurred with the reports findings. The VA is not only well-respected for its health IT use, but the current health IT czar Robert Kolodner worked at the VA until assuming his current position last September.
But the nonprofit Markle Foundation testified before a Senate subcommittee that policies should be in place first—before technological design decisions are made. The Markle Foundation is a leading health IT think tank, which has worked with the Office of the National Health Information Coordinator on ways to spur use of health information technology.
Carol Diamond, managing director of the Markle Foundation, said that health IT in the United States is "missing a strong policy framework that would protect peoples health information."
She advocated adopting policies such as limiting use of information and making sure data storage is decentralized. However, she also noted that Congress was considering the statutory authority of several federal organizations created by President Bush, including the Office of the National Coordinator for Health Information Technology and the American Health Information Community, a brainstorming group consisting of industry and government leaders. Diamond suggested that the organizations that "initiate" actions may not be appropriate for longer-term implementation and policy making. She called for a highly visible independent mechanism to hear public complaints.
If the federal government does not demand transparency, oversight and accountability, she said, health IT efforts would fail. "If the policies and rules are not in place at the moment sensitive information, such as patient data, are collected and shared, public trust will be undermined," said Diamond. "In the process, the very viability of electronic information collection and sharing will be threatened."