PRO(TECH)Ting Medical Privacy - We're Keeping An Eye on It For You So the Snoops Can't Do It Too

It’s time to get healthcare into the 21st century (again.) For the third year in a row, Congress is debating the merits of a health IT bill, HR 6357, to promote faster adoption of electronic medical records. See the CQ article on HR 6357.

This year’s health IT bill just approved by the House Energy and Commerce Committee has a clever name, PRO (TECH)T. That’s short (or long, depending on where you stand) for Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008.

Based on the name, protection would seem to be a big part of the bill. And that make sense. One of consumers’ biggest concerns when it comes to the conversion from paper to electronic health is medical privacy. People are starting to realize there is a growing secondary market for electronic health records – that does not include treatment, bill pay or reimbursement. Many businesses who support the PRO(TECH)T bill intend to data mine patient records and create new revenue streams with no clear patient benefit.

So, actually, in PRO(TECH)T protection comes up short. During yesterday’s Energy and Commerce Committee hearing, Rep. Ed Markey (D-Mass.) said it best: the bill mentions privacy 22 times but does not define it.

We know what really happened. With hundreds of competing lobbyists waiting in the wings, perhaps some actually breathing down the necks of bill drafters, no one could agree on something acceptable.

We think the definition is simple: medical privacy is defined as patient control of electronic health records.

Fortunately, yesterday some real progress was made toward that goal.

Chairman John Dingell (D-Mich.) coaxed his Michigan colleague Republican Mike Rogers to withdraw a lobbyist-driven proposal to alter the compromise bill. Ranking member Joe Barton (R-Texas), who himself survived a horror story of health privacy invasion, ticked off a list of recent improvements to the bill including tightening existing patient protections, boosting penalties for those who steal information, and keeping businesses accountable. Barton assured everyone that the committee’s “good faith compromise” kept a mindful eye to protect privacy.

Rep. Lois Capps (D-Calif.) acknowledged that the privacy groups have a point (Thanks Rep. Capps!). Later Rep. Tim Murphy (R-Pa.) offered a great Pittsburgh hospital example where electronic records security protections actually led to 16 snoops being fired from a hospital treating celebrities. With paper files, there was no way to track unauthorized access, he said. Now hospital databases can warn of penalties and sound the alert when a system is breached. During the hearing Rep. Markey proved why he is one of privacy’s biggest defenders in the House. He reminded us that it remains crucial to protect patient information from prying eyes and hackers all around the world. We cannot put patients’ personal secrets at risk, he cautioned, by offshoring them for processing to countries that don’t share American privacy and security values.

Rep. Markey feared the bill’s privacy protections could still be diluted. The bill, he noted, does not make it clear that individuals have a right to make personally identifiable information private. But Chairman Dingell promised him and others that bill language could be clarified before the House voted.

So we, too, will keep a mindful eye on it and listen to the House Ways and Means Subcommittee on Health hearing today.