This NYT article is getting a lot of looks recently. The GAO is chiding the Bush Administration for pushing for EHR and interoperability without a firm and realistic security plan in place:
The Bush administration has no clear strategy to protect the privacy of patients as it promotes the use of electronic medical records throughout the nation’s health care system, federal investigators say in a new report.
This topic is in the news more and more these days and is clearly on the minds of many. One interesting point I'd like to see clarified:
Several members of Congress have drafted legislation to clarify consumers’ control over such data. One proposal, by Senator Sam Brownback of Kansas and Representative Paul D. Ryan of Wisconsin, both Republicans, would establish health data banks in which people could store electronic copies of their medical records. Under the bill, a consumer would “maintain ownership over the entire health record” and could control access to it.
By contrast, under existing federal rules, hospitals and other health care providers generally do not have to obtain a patient’s consent to use or disclose information for “treatment, payment or health care operations.”
There's no mention of the logistics of the Brownback-Ryan proposal. One wonders if they have any idea how that would work, what strictures it would impose on the healthcare industry, whether it's at all feasible, etc. . . . For instance, if the "consumer" had control of what was in the "bank" there would still be data at the doctor's office. Would the bill address the individual locations and how they protect patient data? Would it be realistic to expect that the patient-controlled record could be used as an accurate, reliable record for doctors to work with? We've already seen protestations against PHR that allow patients to "edit" their records.
Is this even something that Congress can be trusted to deal with? Should the market be allowed to work out these issues? Is it too early to answer any of these questions??? Any ideas?