Dr. David Blumenthal, national coordinator for health information technology, has strongly denied any plans to develop a national network that would transmit patients' medical information to the Justice and Homeland Security departments.
At a March 24 Health Information Technology Standards Committee meeting, Blumenthal said concerns about adopting the National Information Exchange Model intelligence agencies use had bubbled up in blogs to such an extent that he needed to address them.
The Health and Human Services Department and the Office of the National Coordinator for Health Information Technology plan to use NIEM, developed by Justice and Homeland Security, as a framework for standards harmonization and data exchange in a national health network.
Speaking extemporaneously, Blumenthal said, "There is some speculation on whether NIEM is some kind of Trojan horse for governmental control over health information."
He attributed the speculation to NIEM being a government-developed mechanism for standards and specifications, raising the question of whether that might "make it easier for health information to be transmitted, or might it make it inevitable that it is transmitted, to the Department of Justice, the Department of Homeland Security, the CIA [and the National Security Agency]."
Blumenthal, said with great emphasis, "and the answer to that question is absolutely no. I just want to say for the record, absolutely no."
The national coordinator for health IT would not participate in a standards development process that would lead to the transfer of private medical information to law enforcement or intelligence agencies, he added.
Rather than defusing concerns, privacy advocates said Blumenthal's remarks only heightened questions about what role NIEM standards, and the law enforcement agencies that developed them, will play in a national health information network.
Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation, said she believes Blumenthal is well-intentioned in his aim to ensure patient information is not transmitted to law enforcement or intelligence agencies. But promises do not have the force of law, she noted.
The only way to absolutely guarantee medical record privacy is through an ironclad law or regulation that requires patient consent before information is shared, Peel said. HHS has yet to enshrine patient consent in its health IT policies.
Sue Blevins, founder and president of the Institute for Health Freedom, pointed out that Blumenthal's promises are overshadowed by the Health Insurance Portability and Accountability Act, which allows disclosure of a patient's medical information to intelligence agencies.
Twila Brase, president of the Citizens Council on Healthcare, an advocacy group based in St. Paul, Minn., said HHS' use of NIEM standards increases her concern that the national health network might have far broader purposes than the exchange of information between clinicians to care for patients.
Brase said she believes the national network could become a law enforcement and intelligence tool and even be used to unearth damaging medical information on political candidates, including presidential contenders.
Paul Wormeli, executive director of the IJIS Institute, a nonprofit group promoting information sharing among federal, state and local agencies, dismissed privacy advocates' concerns. He said NIEM is just a framework and set of standards for sharing information, such as the Health Level 7 standards widely used by the health IT industry.
NIEM is a tool and will not allow access to private medical records, and there is "no basis" for privacy concerns over its use in national health record systems, Wormeli said.