Law in the Internet Society
WORK IN PROGRESS

It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.

Paper Title

-- By BrendanMulligan - 09 Jan 2010

Introduction

In its 1999 report, To Err is Human: Building a Safer Health System, the Institute of Medicine claimed that preventable medical errors cause as many as 98,000 deaths per year in the United States and upwards of $29 billion annually in lost income, lost household production, disability, and additional health care costs. [http://en.wikipedia.org/wiki/To_Err_is_Human] According to the report, decentralization and fragmentation of the health care system are major causes of these errors. Providers lack access to complete patient data at the point of care.

Establishing a Nationwide Health Information Database

The most common response to this problem has been funding a nationwide health information network in which a variety of health care providers could update and access a singular database. For example, Section 937(f) of the Senate’s health care reform bill states: ‘‘[The government] shall provide for the coordination of relevant Federal health programs to build data capacity for comparative clinical effectiveness research, including the development and use of clinical registries . . . to develop and maintain a comprehensive, interoperable data network to collect, link, and analyze data on outcomes and effectiveness from multiple sources, including electronic health records.” (1683-1684 of the bill [http://www.forhealthfreedom.org/BackgroundResearchData/SenateHealthReform/SenateHealthReformBill_11-19-09.pdf.])

Potential Problems

A nationwide health information network comes with a host of issues. Much of the debate surrounding health care information centers on safeguarding data from being lost, stolen or mishandled. [http://www.huffingtonpost.com/2009/11/13/health-industry-winning-r_n_357476.html] See also, Robert A. Gerberry, Legal Ramifications of the Formation of Digital Hospitals, 14 Health Law 27, June, 2002. “Faced with stories of confidential medical records being accidentally posted on a web site, and being emailed to all members of a computer network, patients continue to fear the misuse of confidential medical information. Online providers need to protect against the electronic misappropriation of health information by complying with confidentiality laws that seek to protect patient information.”

These concerns are legitimate. In a recent survey of IT professionals, seventy percent said senior management does not view privacy and data security as a priority. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Eighty percent of respondent organizations had experienced at least one incident of lost or stolen electronic health information in the past year. [http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Electronic%20Health%20Information%20at%20Risk%20FINAL%201.pdf] Over the last few years, the personal health information of hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. [http://www.nytimes.com/2009/01/18/us/politics/18health.html]

However, security need not even be breached to release private health information. The dissemination of this information is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) medical privacy rule. HIPAA permits patients’ personal health information to be shared among more than 600,000 organizations without patients’ consent. 45 C.F.R. § 164.506 states that with limited exceptions “a covered entity may use or disclose protected health information for treatment, payment, or health care operations as set forth in paragraph (c) of this section.” Health care operations are defined extremely broadly, leaving almost no discernible restrictions. It includes activities such as business planning, management and administration, the sale or transfer of a covered entity, fundraising, and data analysis for plan holders or other sponsors. [link].

“However, because regional health information organizations could increase circumstances under which patient data may be inappropriately accessed, some parties have argued that regional health information organizations should adopt additional procedures to help ensure that data are used only for the intended purposes.”


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" on the next line:

# * Set ALLOWTOPICVIEW = TWikiAdminGroup, BrendanMulligan

Note: TWiki has strict formatting rules. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of that line. If you wish to give access to any other users simply add them to the comma separated list

Navigation

Webs Webs

r2 - 20 Jan 2010 - 04:50:36 - BrendanMulligan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM