Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Privacy of Electronic Medical Information—Reply

Privacy of Electronic Medical Information—Reply In Reply: We recognize that the law is merely one means through which the privacy of personally identifiable health information about individuals may be improved in an electronic national health information infrastructure. While many view technology and the increasing computerization of health records as a major threat to privacy,1 we agree that technology is also useful in protecting privacy and security through encryption and other mechanisms. Uniform application of effective technological tools (which are still under development in the public and private sectors) may significantly improve individual privacy. Ultimately, however, implementation of these tools must be encouraged, if not required, by law. Interestingly, Dr Wilder suggests that the primary barriers to protecting privacy are those "entities whose interests are adverse to the protection of individual privacy," namely, health insurance companies and government. Although this view perhaps stems from political difficulties underlying the current failure by the US Congress to pass meaningful health information privacy legislation, the comment is contestable. Health information privacy has long been a concern of federal and state governments. Comprehensive protections already exist concerning the privacy of government-held identifiable health data in multiple settings (eg, government databases, health research, Medicare/Medicaid records, and public health).2 Market-based health insurance companies and other health care providers increasingly understand the need for uniform privacy protections to ensure the quality of health data and limit their own liability for breaches. They regularly obtain the informed consent of their customers prior to exchanging data (although informed consent alone does not adequately protect privacy). The call for national health information privacy legislation is intended to improve protections for all identifiable health data regardless of the setting.3 Since truly nonidentifiable data do not present individual privacy concerns, these data would not be subject to privacy restrictions. A consequence of our and most legislative and administrative proposals is that holders of health data would be encouraged to use nonidentifiable data whenever possible. Legitimate, communal needs for identifiable health data will still exist. Public health authorities, for example, often need to know individual identities to effectively track population-based diseases and conditions, provide follow-up services, and conduct longitudinal epidemiological studies.4 Utilization of unique identifiers concerning human immunodeficiency virus reporting, for example, has been problematic, although techniques and compliance are improving.5 An effective health information privacy law will set uniform, national protections that balance individual privacy and communal interests in health data while supporting the use of nonidentifiable data and technological safeguards. References 1. National Research Council, Committee on Maintaining Privacy and Security in Health Care Applications for the National Information Infrastructure, For the Record: Protecting Electronic Health Information. Washington, DC National Academy Press1997; 2. Gostin LO Health information privacy. Cornell Law Rev. 1995;80451- 528Google Scholar 3. Hodge Jr JGGostin LOJacobson PD Legal issues concerning electronic health information: privacy, quality, and liability. JAMA. 1999;2821466- 1471Google ScholarCrossref 4. Gostin LOLazzarini ZNeslund VOsterholm M The public health information infrastructure. JAMA. 1996;2751921- 1927Google ScholarCrossref 5. Gostin LOHodge JG The "names debate": the case for national HIV reporting in the United States. Albany Law Rev. 1998;61679- 743Google Scholar http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png JAMA American Medical Association

Privacy of Electronic Medical Information—Reply

Jr, James G. Hodge,; Gostin, Lawrence O.; Jacobson, Peter D.
JAMA , Volume 283 (12) – Mar 22, 2000
Download PDF
7 pages

Loading next page...
 
/lp/american-medical-association/privacy-of-electronic-medical-information-reply-0PwBlb8yWk

References (6)

Publisher
American Medical Association
Copyright
Copyright © 2000 American Medical Association. All Rights Reserved.
ISSN
0098-7484
eISSN
1538-3598
DOI
10.1001/jama.283.12.1565-JLT0322-7-1
Publisher site
See Article on Publisher Site

Abstract

In Reply: We recognize that the law is merely one means through which the privacy of personally identifiable health information about individuals may be improved in an electronic national health information infrastructure. While many view technology and the increasing computerization of health records as a major threat to privacy,1 we agree that technology is also useful in protecting privacy and security through encryption and other mechanisms. Uniform application of effective technological tools (which are still under development in the public and private sectors) may significantly improve individual privacy. Ultimately, however, implementation of these tools must be encouraged, if not required, by law. Interestingly, Dr Wilder suggests that the primary barriers to protecting privacy are those "entities whose interests are adverse to the protection of individual privacy," namely, health insurance companies and government. Although this view perhaps stems from political difficulties underlying the current failure by the US Congress to pass meaningful health information privacy legislation, the comment is contestable. Health information privacy has long been a concern of federal and state governments. Comprehensive protections already exist concerning the privacy of government-held identifiable health data in multiple settings (eg, government databases, health research, Medicare/Medicaid records, and public health).2 Market-based health insurance companies and other health care providers increasingly understand the need for uniform privacy protections to ensure the quality of health data and limit their own liability for breaches. They regularly obtain the informed consent of their customers prior to exchanging data (although informed consent alone does not adequately protect privacy). The call for national health information privacy legislation is intended to improve protections for all identifiable health data regardless of the setting.3 Since truly nonidentifiable data do not present individual privacy concerns, these data would not be subject to privacy restrictions. A consequence of our and most legislative and administrative proposals is that holders of health data would be encouraged to use nonidentifiable data whenever possible. Legitimate, communal needs for identifiable health data will still exist. Public health authorities, for example, often need to know individual identities to effectively track population-based diseases and conditions, provide follow-up services, and conduct longitudinal epidemiological studies.4 Utilization of unique identifiers concerning human immunodeficiency virus reporting, for example, has been problematic, although techniques and compliance are improving.5 An effective health information privacy law will set uniform, national protections that balance individual privacy and communal interests in health data while supporting the use of nonidentifiable data and technological safeguards. References 1. National Research Council, Committee on Maintaining Privacy and Security in Health Care Applications for the National Information Infrastructure, For the Record: Protecting Electronic Health Information. Washington, DC National Academy Press1997; 2. Gostin LO Health information privacy. Cornell Law Rev. 1995;80451- 528Google Scholar 3. Hodge Jr JGGostin LOJacobson PD Legal issues concerning electronic health information: privacy, quality, and liability. JAMA. 1999;2821466- 1471Google ScholarCrossref 4. Gostin LOLazzarini ZNeslund VOsterholm M The public health information infrastructure. JAMA. 1996;2751921- 1927Google ScholarCrossref 5. Gostin LOHodge JG The "names debate": the case for national HIV reporting in the United States. Albany Law Rev. 1998;61679- 743Google Scholar

Journal

JAMAAmerican Medical Association

Published: Mar 22, 2000

There are no references for this article.