Think tank details its ideas for use of health IT records

On the eve of a Senate hearing that will examine privacy of personal health records, a think tank Monday released a paper arguing that patients' information should easily flow for treatment, payment and core administrative tasks without requiring consent.

It also contends that stricter limits should be placed on marketing and other secondary uses.

Privacy was a hot topic last year as legislation intended to spur nationwide adoption of electronic medical records moved through the House and Senate. The debate reignited this month as billions of dollars for health IT were included in economic stimulus packages proposed by Democratic leaders and President Obama.

Rather than relying on consent to control all uses of health information, the Center for Democracy and Technology said consent should be used in a more focused way. It should be required, for example, for access and disclosure of information in new personal health records being established on the Internet, or for uses and disclosures of information for marketing purposes.

"Requiring consent for all data sharing in healthcare will only overwhelm patients, leading them to give blanket consent and providing very weak protection," said Deven McGraw, the center's health expert who will testify at the Senate Judiciary Committee hearing alongside other consumer advocates, technology and healthcare industry representatives.

The center favors including privacy protections in the economic stimulus plan, House and Senate versions of which contain around $20 billion for a national health IT network.

Senate Judiciary Chairman Patrick Leahy played a major role in ensuring that comprehensive privacy provisions were part of health IT legislation in the 110th Congress -- and while today's hearing will not focus exclusively on the stimulus, it will be part of the debate. Leahy is also a member of the Senate Appropriations Committee, which is slated to consider its portions of the stimulus proposal at around the same time.

Additionally, the Senate Finance Committee will mark up its stimulus language, which includes about $17.9 billion in health IT proposals aimed at standard-setting, operability and adoption incentives for hospitals and physicians.

In addition to consent, the privacy framework envisioned by the center would include other privacy principles, such as the right of patient access to files and strong oversight and accountability procedures.

"If we get away from viewing consent as the be all and end all of privacy, and use this stimulus funding to establish a more comprehensive framework of protections, we can break the privacy logjam," McGraw said in a release. The Senate Appropriations Committee is expected to include privacy provisions, but details were withheld until after the panel convenes, a spokesman said. A summary of the proposal released Friday said $5 billion would go toward computerization of health records.

Also on Monday, the Pharmaceutical Care Management Association wrote to House Speaker Pelosi and Minority Leader Boehner outlining concerns with privacy provisions in stimulus language that passed the Energy and Commerce and Ways and Means committees last week.

Among the group's concerns are sections that would require covered entities to account for all disclosures of personal health data for treatment, payment and operations, and new data breach notification rules.