One need look no further than the recent revelation that a laptop containing the personal information of thousands of participants in a National Institutes of Health clinical trial was stolen from the trunk of a car to understand that the concerns about privacy are well founded.
Current health privacy protections provided under the Health Insurance Portability and Accountability Act are important, but there are weaknesses and gaps that leave many critical privacy issues unresolved and many new players in the health information data chain outside of the legal regime.
This is a critical time for health information privacy. Consumers want the benefits of HIT-enabled health care and at the same time they want assurances that their privacy will be protected.
That's why my organization has joined forces with the Health Privacy Project to create a new initiative that will take on the key policy questions: What is the proper role of notice and consent in this new environment? How do we ensure the right of patients to access their own records in electronic format? What policies and laws should govern new Internet-based PHRs? What secondary uses of patient data should be allowed, and under what conditions? What enforcement mechanisms need to be provided at the federal level?
To get privacy right, we will need to ensure that policies work with, rather than against, the complex realities of an interconnected health care system. Those who view privacy as a barrier to a 21st century health care system are simply wrong. Privacy must be seen as an essential enabler of that vision. We can achieve harmony between privacy and health care, but to do so we have to reimagine both.
Leslie Harris is president and CEO of the Center for Democracy & Technology.