Feds Divided On Protecting Patient Data

In a Government Accountability Office report released on Thursday, the GAO says that while the U.S. Department of Health and Human Services has a number of "collective initiatives" to address key privacy issues, there's no clearly defined strategy to bring all those efforts together in protecting the privacy of electronic patient data.

In its report, the GAO recommends that HHS "define and implement an overall privacy approach that identifies milestones for integrating the outcomes of its initiatives, ensures key privacy principles are fully addressed, and addresses challenges associated with the nationwide exchange of health information."

But the report reveals that HHS officials bristled at those recommendations, arguing that the department has a "comprehensive and integrated" approach for protecting privacy and disagreeing about a need to identify milestones.

In the GAO report, HHS commented that "tightly scripted milestones" would impede the department's processes and inhibit dialogue among the stakeholders of a national health IT network about policy matters.

Sponsored post

The nation's health IT czar--Dr. Robert Kolodner, who is interim national coordinator for health IT and reports to U.S. health and human services secretary Michael Leavitt--says both HHS and the GAO agree on the need for a secure health IT network.

"There's no disagreement that privacy and security be built in," he says. However, he admits that there is an "honest differences of opinion" between the GAO and HHS, especially regarding the issue of milestones. Kolodner says that milestones in privacy initiatives should be established as the work to build a nationwide health information highway evolves. That's because HHS is relying on input from many stakeholders, such as state and local governments, about privacy needs that must be met along the way. "I liken it to Lewis and Clark--during their journey when they came across a mountain, they didn't know if there was another mountain or a river on the other side," he says. "We believe this is a journey that no one had ever done before as well," he says.

Kolodner says he reiterated that analogy to members of Congress a hearing on Thursday discussing health IT.

The GAO report, titled "Health Information Technology: Early Efforts Initiated But Comprehensive Privacy Approach Needed for National Strategy," was in response to a request by the U.S. Senate for GAO to describe the steps HHS is taking to ensure privacy protection within a nationwide health IT network.

It's been three years since President Bush set out the goal for most Americans to have interoperable, electronic health records by 2014.

Kolodner says he feels confident that the nation will meet Bush's goal. "We are focused on delivering that," he says.