Deborah Peel, MD, founder of the Coalition for Patient Privacy, asked the Health Information Technology (HIT) Policy Committee to “set a really high bar for privacy" during a hearing last Friday.

“We’re asking you to meet Americans’ expectations of what it takes to trust these [electronic health record] systems,” Peel said.

Jodi Daniel, director of the Office of Policy and Research at the Office of the National Coordinator for Health IT (ONC), opened Friday’s meeting and called privacy and security the fundamental building blocks for meaningful use of healthcare IT.

Daniel discussed the key privacy aspects of the American Recovery Reinvestment Act (ARRA) for which the HIT Policy Committee is responsible for providing guidance, including:

• Technologies that protect the privacy of health information and promote security in an EHR;
• Segmentation and protection from disclosure of specific and sensitive individually identifiable health information (IIHI) with the goal of minimizing the reluctance of patients to seek care;
• Use and disclosure of limited data sets;
• Infrastructure that allows for accurate exchange;
• Technologies for an accounting of treatment, payment and health operations disclosures;
• Technologies that allow IIHI to be rendered unusable, unreadable or indecipherable to unauthorized individuals; and
• Methods to facilitate secure access to personal health information by an individual or person assisting in care.

In her testimony, Peel quoted a recent report prepared for the Agency for Healthcare Research and Quality (AHRQ) that concluded that healthcare consumers believe they should have a say about the development of health IT systems in order to protect the security and privacy of their own medical information.

The AHRQ report found that issues of privacy and security were the main concerns of a large majority of the participants, and they felt they “owned their data and needed a role in ensuring those data were secure and used only in ways that they authorized.” They also had concerns about unauthorized persons getting access to their information and that the information could be used for purposes other than to provide care.

Americans “want to know and want to be asked” about who is going to use to their healthcare data, Peel said.

Peel complained that the issues of patient privacy and security are being considered late in the HIT discussion.

“The cart has been put in front of the horse,” she said. “Plans have already been made and worked on for many years. But privacy issues are foundational and really belong at the beginning. Insuring [patient] control of the data is the only way we’re going to get a trusted HIT system.”