Nice Article found at iHealthbeat
We should stop pretending that there is nothing political about establishing a network with the commendable objective of reducing medical errors. Despite the motivation provided by the Institute of Medicine's report suggesting thousands of lives would be saved by reducing medical errors and despite the thin veneer of bipartisan support demonstrated by former House Speaker Newt Gingrich (R-Ga.) and Hillary Clinton (D-N.Y.) sharing the stage as cheerleaders, we simply do not have a consensus on how to use electronic health data.Most of us like the idea of having new health information tools, but we disagree on how to use them in many areas. The debate is not only between privacy advocates and business interests. It's also about abortion and reproductive rights. It's about the discrimination that exists over sexuality, mental health, disabilities of all kinds and genetics. This is no screed over the U.S.'s piecemeal approach to confidentiality. That's the way we do things here. We cut deals where we can and avoid the issues that are too contentious. We call that incremental progress. And that is the inherent problem we confront as we muddle along in electronic records. The policies we adopt to govern a national system of electronic records will only reflect those political areas in which there is no strong opposition. And that's not counting the debate over technology, which has not been easy either.So the health care system is not likely to get simpler or significantly more efficient any time soon because of electronic records.If we dodge the social issues surrounding the information, what does that leave us with?Let's remember how we got here: The debates over HIPAA -- the source of the neglected first-born electronic health record.
HIPAA Hoppin' Down Memory Lane
The road to EHRs did not get off to a rousing start if you consider that the health care industry couldn't agree on a common billing format. So it asked the federal government to impose one in HIPAA. Medical privacy and data security requirements were the price. Recognizing that medical privacy was a broader issue than health care billing, Congress gave itself three years to pass a comprehensive approach. The environment got messier when Congress failed to pass comprehensive legislation in 1999 as planned. The Senate tried to put something together, but nothing could pass the Senate Health, Education, Labor and Pensions Committee. The Newt Gingrich House did not seriously consider legislation except for a few hearings and a last-minute political exercise to deprive the Democrats of an issue in the 1998 midterm elections.Why didn't Congress act?Abortion. Abortion is always a show-stopper in Washington.Ironically, one of the other reasons was states' rights. In addition to traditional concerns over pre-emption, many states had already imposed special protections for HIV, genetics and other sensitive areas. No one was going to put a cap on the privacy of that information. Even if you put abortion aside, there are other telling examples of our aversion to dealing with the issues raised by more easily sharing health information. The fear of pain is preventing Washington from even discussing state workers' compensation programs. The anxiety in this area is so intense that no one even mentions the fact that HHS has done nothing to develop the HIPAA transaction standard for a first report of injury.
A Makeshift Rule
For those who think bureaucrats like nothing better than to write rules, they do. But you'd be wrong about HIPAA. HHS hoped Congress would expand on the limited language in HIPAA. The department knew that whatever rule it wrote would be complicated and incomplete.And that's what we got. HHS ended up writing a makeshift rule that generated almost a half a million words of regulation and explanation. And it had to stretch to cover health care contractors.Predictably, the rule spawned confusion and hostility from every direction. One problem was that the public was unaware of the new and legitimate ways their health information was zipping around the cosmos.Another problem was that patient data was free prior to HIPAA. New health care industries were born from our new ability to generate and manipulate large amounts of patient data. The cost of entry was relatively modest. Asking for patient permission for data requires money. The HIPAA privacy rule, much in the same way environmental rules changed industrial America, changed the business model for health care. Electronic records will change the business model further.
Live Free or Die
While most of us could easily respond to a choice between health and privacy, i.e., life and death, most of us also would still insist on a certain quality of life free from intrusion. However, we should not forget that the special protections for psychotherapy, substance abuse, HIV, genetics and other sensitive areas did not arise in a vacuum. We're pretty touchy about certain topics either on principle or out of fear of discrimination.A good example of our touchiness was the public outcry in the summer of 1998 when the National Committee on Vital and Health Statistics held hearings in Chicago on the creation of a unique patient identifier mandated by HIPAA. The flap caught policymakers by surprise. After all, a unique patient identifier was the logical way to go to efficiently operate an electronic billing system.Policymakers, however, failed to account for the public's fear of government intrusion and the potential for a national citizen's database. (It's hard to tell how that would play out in today's debate over immigration.) The opposition was so heated and widespread that those in Washington were treated to a congressional hearing in which Ralph Nader and Phyllis Schlafly both testified in opposition to the patient ID. In response to the outcry, Congress imposed and continues to impose a funding moratorium on any work on the patient identifier.This was even before the proposed HIPAA privacy rule was issued in 1999.
Those Pesky States
States' rights helped kill a comprehensive medical privacy bill in the late 1990s. Ironically, that issue is stalling electronic records now.Ten years ago during the congressional debate over medical privacy, Sens. Patrick Leahy (D-Vt.) and Robert Bennett (R-Utah) were trotting out charts showing how states had few or no laws to protect medical privacy.But Congress failed to act by 1999 after raising the alarm that the states didn't protect patient data.Then what happened?States went on a tear to adopt medical privacy laws. Because the states tried to fill the void left by Congress' failure to act, there now is a "problem."
Still No Stomach To Expand HIPAA -- What Now?
There was a growing recognition that the HIPAA privacy rule had to change to meet the new world of EHRs. The National Committee on Vital and Health Statistics, for example, explicitly said that the HIPAA privacy rule was not capable of dealing with all the issues raised by EHRs -- and most notably electronic records controlled by consumers.To be clear, the HIPAA privacy rule was designed to regulate EHRs -- just not all of them and not everyone who had access to them. So here we are 12 years after HIPAA became law. Congress still faces the same issues: abortion and state preemption. But now it also has to confront how to deal with many more organizations and business interests that should be covered by medical privacy rules because of PHRs.However, Congress is not seriously entertaining a HIPAA rewrite. It's trying to reach agreement on the tools for sharing health information and studiously ignoring how political the information itself is. For patients, going to the doctor is ... well ... going to the doctor. The problem is that the information is sliced and diced by regulations and criminal statutes that defy comprehension and planning.We have a 52-room structure (don't forget the territories) with federal floors and Chinese walls but very little in the way of a roof that provides comprehensible protection. And the plumbing is a mess.How do EHRs and PHRs that cross state lines deal with state laws with differing ages of consent and child abuse reporting requirements or state mental health and genetics laws or the state health privacy rules under the Gramm-Leach-Bliley Act or The Family and Medical Leave Act or The Family Educational Rights and Privacy Act ... you get the idea. Congress is trying to reach agreement where agreement can be reached on technology and doggedly leaving the rest of the issues to work themselves out ... or not.So if you thought the HIPAA privacy rule was confusing, brace yourself for privacy regulation in the world of national EHRs. I think we can agree on that.
Source: iHealthBeat(by Dennis Melamed)