/* from "HPP Resigns from Government Privacy Workgroup." Feburary 21, 2007. source: http://www.healthprivacy.org, downloaded February 24, 2007 */

February 21, 2007

 

Robert Kolodner, M.D.

Interim National Coordinator for Health Information Technology

U.S. Department of Health and Human Services

330 C Street SW Ste 4090

Washington DC 20201

 

Dear Dr. Kolodner:

 

On behalf of the Health Privacy Project (HPP), we submit this resignation of HPP's Deputy Director Paul Feldman as the Co-chair of the American Health Information Community (AHIC) Confidentiality, Privacy, and Security Workgroup (CPS). We have determined we are unable to continue given that the workgroup has not made substantial progress towards the development of comprehensive privacy and security policies that must be at the core of a nationwide health information network (NHIN). The Health Privacy Project's mission is to raise public awareness of the importance of ensuring health privacy in order to improve health care access and quality for individuals and communities; our website is www.healthprivacy.org. We support the development of an NHIN with strong and enforceable privacy and security rules in place and believe that the failure to achieve a privacy framework acts as a significant barrier to a robust and secure environment for e-health.

 

As stated, AHIC's mission is "providing input and recommendations to Health and Human Services on how to make health records digital and interoperable, and assure that the privacy and security of those records are protected, in a smooth, market-led way."[1] On July 28, 2006, your office invited HPP to serve as Co-chair of the newly forming CPS, whose general charge is to make recommendations to AHIC regarding the protection of personal health information in order to secure trust, and support appropriate interoperable electronic health information exchange. The original charge for CPS as discussed at the May 16, 2006 AHIC meeting also includes developing "a scope of work for a long-term independent advisory body on privacy and security policies."[2] The specific work of CPS has been focused in service to three of four AHIC breakthrough use cases.[3]

 

To date, CPS has met six times since August, 2006 and has produced just a single -- albeit useful -- set of recommendations on patient identity-proofing covering three of the four "original" use cases assigned to AHIC.[4] The patient identity-proofing recommendations are important, including limits on "no-touch" identity-proofing and segregation of identification documents from clinical information. All but one of this set was accepted by AHIC on January 23.[5] The last, regarding including CPS identity-proofing recommendations in processes conducted by the Certification Commission for Health Information Technology, is on AHIC's March 13 meeting agenda.

 

Nevertheless, these recommendations and expected CPS next steps are a far cry from a comprehensive and timely approach that would give privacy policy equal and necessary footing with interoperability and systems development efforts. Last month's Government Accountability Office report concluded that HHS has "not yet defined an overall approach for integrating its various privacy-related initiatives and addressing key privacy principles."[6] In fact, in a June 22, 2006 letter to Secretary Leavitt, the National Committee on Health and Vital Statistics urged HHS to take steps towards the development of policy for the privacy and security of personal health information on the NHIN. Sadly, most of the recommendations have not been addressed by HHS.[7] NCVHS Privacy and Confidentiality Subcommittee Chair Mark Rothstein is quoted in a recent New York Times story that "[h]ealth privacy has not received adequate attention at the Department of Health and Human Services. A sense of urgency is lacking."[8]

 

We appreciate the opportunity to serve with the CPS co-chair Kirk Nahra, and appreciate the efforts of ONC staff, including Jodi Daniel and Steve Posnack. The Health Privacy Project remains deeply committed to advancing e-health initiatives as a means to improving health care quality, reducing medical errors, lowering costs, and empowering people to better manage their own care and the care of their relatives and loved ones. We continue to be available to work with you and your staff to ensure that privacy and security policies and practices are at the core of this nation's e-health initiatives. Without such an assurance, people will continue to be subjected to discriminatory and unnecessary risks to their privacy and will be made vulnerable to job and benefit losses. We already know that the majority of people in this country fear that their health information is more prone to misuse in electronic form; we must not shirk  our duty to protect them from such harm.

 

Sincerely,

 

 

 

 

Janlori Goldman

Director

 

 

 

 

Paul Feldman

Deputy Director

 

 

 

 

 

cc:              Secretary Mike Leavitt

                  Kirk Nahra, Wiley Rein LLP

                  Jodi Daniel, ONC/HHS

                  Steve Posnack, ONC/HHS

                  Judy Sparrow, ONC/HHS

                  Sen. Edward M. Kennedy

                  Sen. Michael B. Enzi

                  Sen. Daniel K. Akaka

                  Sen. George V. Voinovich

                  Sen. Carl Levin

 

                  (continues)

 

February 21, 2007

Robert Kolodner, M.D.

Page 3

 

 

                  Sen. Susan M. Collins

                  Rep. Frank Pallone

                  Rep. Nathan Deal

                  Rep. John B. Dingel

                  Rep. Joe Barton

                  Rep. Fortney H. Stark

                  Rep. Dave Camp

                  Rep. Charles B. Rangel

                  Rep. Jim McCrery

 

 

________________________________

 

 

 

[1] Available at http://www.hhs.gov/healthit/documents/AHICminutes.pdf.

 

[2] Available at http://www.hhs.gov/healthit/documents/MeetingSummary20060516.pdf, p.

9.

 

[3] Available at http://www.hhs.gov/healthit/ahic/confidentiality/.

 

[4] The breakthrough areas are available on HHS's website as http://www.hhs.gov/healthit/community/breakthroughs/, but their working scopes have been constrained to be as follows: Registration summary and medication history for Consumer Empowerment workgroup; Secure messaging between provider and ambulatory patient for Chronic Care WG; Lab values and results for EHR WG. The fourth breakthrough area is related to the Biosurveillance WG and has been specifically called out by ONC as outside the subject of CPS efforts.

 

[5] Search for "Privacy" at

http://www.hhs.gov/healthit/documents/AHICBinder2_20071023.pdf to see the recommendations as presented to AHIC.

 

[6] "Health Information Technology: Early Efforts Initiated but Comprehensive Privacy Approach Needed for National Strategy," U.S. General Accounting Office, January 2007, available at http://www.gao.gov/new.items/d07238.pdf.

 

[7] Letter to Secretary Mike Leavitt from NCVHS Chair Simon Cohn, M.D., M.P.H., June 22, 2006, available at http://www.ncvhs.hhs.gov/060622lt.htm.

 

[8] Pear, R., "Warnings over privacy of U.S. health network," New York Times, February 18, 2007, available at http://www.nytimes.com/2007/02/18/washington/18health.html?_r=2&oref=slogin&oref=slogin.