By Deven McGraw, Director, Health Privacy Project, Center for Democracy & Technology
Grantees brainstormed issues arising in three categories: provider liability concerns, assuring the security of information transmitted between portable devices and other computer systems, and the lack of privacy protections for many types of personal health records. The Manatt-CDT team will use this input to develop materials that recommend potential solutions to some of the more critical policy challenges.
Although we are still digesting these materials, I came away with these initial impressions:
- These open policy issues are clearly very important to grantees. When we asked for feedback in the session, the response was almost overwhelming.
- Some issues showed up in more than one category, which of course underscores their cross-cutting nature and suggests a high degree of interdependency: resolving concerns in one area can help us alleviate issues in another. For example, if we had privacy and security provisions that covered health information regardless of who holds it, we would have less need to focus on whether information shared with a patient by mobile phone is or isn’t “PHI”.
- Some of the concerns raised in the legal/policy issues discussion were also raised in grantee discussions about the operational challenges for their projects. For example, grantees discussed the challenge of getting the clinicians or care teams to incorporate patient data into their records and workflow. This operational challenge is closely related to the legal challenge of providers’ concern about liability for responding to patient-generated data. A thoughtful solution involving careful management of expectations of both patients and providers/care teams should help address concerns in both areas.
- A number of the concerns raised by grantees targeted clear gaps or uncertainties in the law – for example, what protections are available for data entered by patients onto social networking sites or what are entities’ specific responsibilities with respect to the security of mobile devices used by providers to communicate with patients. Further efforts by the Manatt-CDT team will likely focus on these gaps and suggest potential solutions for further consideration by the public, industry stakeholders, and policymakers.
- Grantees also raised some issues that are fairly well covered by existing state and/or federal law, but different interpretations of the law, or risk averse behavior on the part of health care organizations and institutions, leads to uncertainty and an unwillingness to take action or experiment with different care models. Cutting through these “interpretation” challenges is probably the most difficult hurdle of all.
Watch video of the brainstorming sessions: