Patient Privacy & Health Information Technology

National Committee on Vital & Health Statistics

Subcommittee on Privacy & Confidentiality

February 24, 2005

Linda Golodner, President
National Consumers League

The National Consumers League appreciates being invited today to present the views of consumers on this very important privacy concern. I am here today to provide a patient-oriented perspective on the issue of privacy in the context of health information technology. I will begin my comments with an overview of NCL, and then transition to a discussion of key privacy principles that should govern development of the national health information network (NHIN) as directed by David Brailer at the Office of the National Coordinator of Health Information Technology.

Overview of the National Consumers League

The National Consumers League is a private, nonprofit advocacy group that uses education, research, advocacy, investigation, publications, and public/private collaboration to accomplish its mission of representing consumer interests on marketplace and workplace issues. Formed in 1899, we are the nation’s oldest consumer organization, committed to protecting, representing, and advancing economic and social justice for consumers and workers here and abroad.

For over 100 years, NCL has provided government, businesses, and other organizations with the consumer’s perspective on social concerns including child labor, privacy, food safety, and healthcare. We have been involved in examining, commenting, and testifying about the invasion of personal privacy for a number of years. In fact, NCL held a privacy conference 15 years ago which looked at the issue and have surveyed consumer opinion and published and distributed consumer education materials on the issue.

A natural extension of our work is the recent initiation of the SOS Rx Coalition – a collaborative coalition dedicated to promoting outpatient medication safety, initially among seniors. One of the Coalition’s efforts is directed at improving medication safety through encouraging broader use of electronic prescribing systems. While electronic prescribing represents just the tip of the iceberg, our recent exploration of this topic has stimulated a broader consideration of how to retain consumer-focused privacy principles as we move forward.

Consumer-focused Principles

For both patient safety and health care system efficiency reasons, NCL believes it is critical that we build and drive a movement toward rapid development of a national health information network. We must not however, in our rush to deliver “something” abandon the very principles of privacy that have enabled patients and providers to forge a relationship of trust. In fact, in his keynote address at the Healthcare Information and Management Systems Society (HIMSS) annual meeting in Dallas last week, Dr. Brailer referred to the issue of patient privacy as being “on the forefront” of nearly all of the 500 RFI responses his office received last month.

In development of the NHIN, NCL urges policy makers within HHS to integrate the following principles into the design:

1)      Information access and control

a.       At a minimum, the NHIN structure and rules must facilitate the ability of people to exercise their personal health information rights under the Health Insurance Portability and Accountability Act (HIPAA).

b.      People must have the ability to control who has access to/permission to use their personal health information over the network – either directly or through the action of a designated proxy [or by choosing not to exercise that control]. This control can be exercised in whole or only with regard to selected types of data elements, but the decision to share should be made without coercion or pressure.

i           If people fear inappropriate disclosure and do not trust the network, they may become less willing to seek care or provide consent to share even that information to which they otherwise would allow access.

c.       People should have the ability to review accesses made to their personal health information. Each individual or entity accessing personal health information over the network should possess a unique digital signature, through which patients can have access to a standardized profile of the entity or individual reviewing their personal health information. .

d.      No personal health information should be available to a provider or health professional that is not also available to the person it describes (with exception for cases of danger to the patient).

e.       Unreasonable or unaffordable fees should not impair the ability of each person to review or contribute to their personal health information on the NHIN.

f.        People must be able to, at their liberty, add comments or annotations to their personal health information.

g.       People must be able to request amendment or correction of their personal health information and receive a timely response to the request.

h.       The NHIN must provide a sound method for allowing secure access and authenticating individual patient users that does not require physician or institutional mediation.

i.         People must have the ability to designate (and withdraw designation from) proxies who have full authority to manage their personal health information on the network.

2)      Disclosure and accountability

a.       Before a provider initiates a transfer of personal health information through the exchange, affected individuals should fully understand the policies in place and the possible uses of that information. (First-time disclosure is sufficient for subsequent transactions, so long as the patient has the ability to change “default settings” at any time (see point 1i.))

b.      Information elements central to network functioning, such as identifiers, authorizations and permissions, access histories, and index entries, must be presented in easily understood terms and formats to patients, consumers, and other authorized users for their review and possible correction or control.

c.       People should be informed of all of the possible ways their information may be used and must be able to choose whether to make their personal health data available for such use in various systems. Clarification note: the NHIN must permit for distinction between data storage and data use. For logistical reasons, maintaining all patient information in the network may prove necessary. However, all stakeholders need to understand that, just because data are physically available, this does not necessarily mean they can be accessed for use. Point 1b. under “Access and Control” would apply.

d.      Communications with people about the policies and uses of their information in the exchange must be conducted in simple, easily understood language.

e.       States should adopt common operating standards for data security and patient privacy protection, including established clearly described penalties for violations not covered by HIPAA (such as identity theft), and an accountable means for violation monitoring and prosecution.

f.        People must be able to receive complete paper copies of any of their information available across the national network.

3)      Functionality

a.       The NHIN must provide the capability for people to reliably and securely move all or portions of their personal health information from one health care entity to another.

b.      The NHIN should permit the aggregation of non-identifiable data in support of quality measurement, provider and institutional performance assessment, prescription drug monitoring, patient safety, public health and other public interest objectives.

c.       Non-identifiable data sets generated from the NHIN should not be used for insurance underwriting or other commercial applications intended to provide preferential pricing or services to one group over another. Preferential pricing would not include differential payment to providers in recognition of quality performance.

d.      Implementation of NHIN must be accompanied by a significant public education program so that people understand the value of the network, its privacy and security protections, how to participate in it, and the rights and benefits afforded to them.

e.       The NHIN must permit patients to transmit information to their health care providers as well as receive information from them.

4)      Governance

a.       Consumer and patient advocates must have significant representation in the governance and advisory structure of all regional and national NHIN authorities, including standard-setting and operational entities.

b.      The governance and administration of the NHIN must be public, transparent, and accountable.

Closing Thoughts

In considering these principles, NCL suggests that you view them in their totality, as removing even one of these critical components could have serious implications for the integrity of the system as a whole. For example, elimination of point 1b (ability to control access) could completely undermine consumer trust in the network, and likely result – in many cases – in reluctance to seek necessary care.

Furthermore, NCL strongly urges HHS to leverage the interest of consumer advocacy groups in this arena. We believe that consumer demand – calling for core health data to be available easily and securely in electronic form is critical to broadening access to – and improving quality of – health care in the US.

Many consumer groups recognize that today’s fragmented, paper-based system is not only inefficient, but also subjects patients to unnecessary risks. These groups are eager for support to engage with policy makers in a meaningful dialogue about how best to educate and motivate their constituencies. We look forward to working with you on this issue of great concern to consumers.