Privacy called central to winning converts to EMRs

Last week, we called the fact that CMS has no permanent administrator the elephant in the room and several other clichés. Well, there's another elephant or 800-pound gorilla or what-have-you in a very crowded room: privacy.

"Warning: Patient privacy could complicate the blueprint for an electronic medical records system," screams the opening line--in italics--of a Congress Daily story about the federal government's push for a system of interoperable EMRs."Two Health and Human Services Department advisory committees are hard at work on blueprints for both [policies and standards], but some worry privacy safeguards will be an afterthought," the story says.

Roger Baker, CIO at the Department of Veterans Affairs warned of such during a meeting of the Health IT Policy Committee this summer. "Sometimes you can recognize something is a key issue, but if you don't make it plainly and bluntly obvious, you'll lose the momentum to convince people," he said, arguing that privacy hasn't been central to the discussions of "meaningful use" of EMRs. Baker added that the VA has stepped up its privacy and security efforts, stripping records of Social Security numbers, ever since a 2006 laptop theft that could have put the medical records of 26.5 million veterans in the public domain.

Privacy advocate Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, gave lukewarm praise to the HHS decision to move HIPAA security enforcement from CMS to the Office for Civil Rights, which already oversees the privacy regulations. "But it will only be useful if it means at least the same level of resources for enforcement overall and not a diminishment," McGraw said.

To learn more about the delicate issue of EMR privacy:
- read the Congress Daily story, as published in NextGov