How to keep sensitive patient data private while meeting the federal e-health records mandate was an issue central to last week's Computers, Freedom and Privacy conference. And though the question has been debated for years, health care providers, insurance companies and other organizations subject to the Health Insurance Portability and Accountability Act will have to wrap up that debate soon.
internetnews.com reports that the Department of Health and Human Services is gathering public comment on e-health record privacy protections and will release its rules by the end of the year.
Provisions in the American Recovery and Rehabilitation Act of 2009 amended HIPAA to apply its privacy and security requirements to providers (like Google and Microsoft) that offer personal health portals, but exactly how that application is going to look, and what it's going to mean for those providers, is still unclear. Frank Torres, Microsoft's director of consumer affairs, says simply, "The business community would appreciate some more certainty."
Most e-health portals depend on patient control of the information that goes in and out, but they will only work if patients are honest about their records. The other sticky issue, according to Blue Cross/Blue Shield Association managing director Joel Slackman, is how to remain compliant with the various state laws addressing patient privacy, given that some of them conflict. "You don't even know that a law's conflicting until it smacks you in the face, sometimes," he says.