White House efforts to protect medical data 'getting worse'

When it comes to protecting the privacy of medical information, the Obama administration has slipped from its high mark in 2009, according to the annual "Privacy Report Card" from the Electronic Privacy Information Center.

EPIC, as the group is known, gave the administration a B for medical privacy in 2010, down from an impressive A-minus a year earlier. The Obama administration scored high in 2009 for the enactment of American Recovery and Reinvestment Act. EPIC called the HITECH provisions of the stimulus legislation "one of the best privacy laws in years."

But 2010 has been marked by mixed signals on healthcare privacy, according to EPIC. The White House was prepared to endorse a weak data breach notification rule but backed off," the report card says. "Secretary Sibelius [sic] has expressed support for stronger patient control. Still, implementation of the privacy provisions in the 2009 law have slowed. Privacy experts are underrepresented on key committees and the willingness of the White House to press for strong safeguards for patients remains unclear.

"With millions of patient records moving online, we think the White House needs to show more effort. This has been a strong subject for the administration in the past. It can be so again."

EPIC also believes the administration has slipped in the area of civil liberties, from a C-plus in 2009 to a D in 2010. The grade for cybersecurity held steady at a B, while EPIC gave the White House a C for consumer privacy. The administration registered an incomplete in this area last year.

"Our bottom-line assessment is that with respect to privacy, things are getting worse," EPIC Executive Director Mark Rotenberg tells Computerworld.

"I view this as a failure of the administration to deliver on the privacy promises provided in the [HITECH] bill," EPIC board member Latanya Sweeney, a professor of computer science, technology and policy at Carnegie Mellon University, adds. "They have lost an opportunity to use incentives to foster better privacy."

For greater detail:
- read this Computerworld story
- download the EPIC Privacy Report Card (.pdf)