Bush: "[Electronic Health Records Must Be] Secure & Private(Except When They Aren't)

The Times warns that Bush administration policy of promoting and supporting electronic health records - promoted by the President under the aegis of preventing mistakes, reducing costs and improving care - is not backed up by the privacy protections the President promised. The times refers to the GAO report which makes this claim:

In the report, the Government Accountability Office, an investigative arm of Congress, said the administration had a jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers.

... the G.A.O. said the administration had taken only rudimentary steps to safeguard sensitive personal data that would be exchanged over the network. Senator Daniel K. Akaka, Democrat of Hawaii, who requested the investigation, said it showed that “the Bush administration is not doing enough to protect the privacy of confidential health information.” As a result, Mr. Akaka said, “more and more companies, health care providers and carriers are moving forward with health information technology without the necessary protections.”

... Mark A. Rothstein, the chairman of a panel that advises the government on health information policy, essentially agreed with the accountability office. “Health privacy has not received adequate attention at the Department of Health and Human Services,” said Mr. Rothstein, a professor of law and medical ethics at the University of Louisville School of Medicine. “A sense of urgency is lacking.”

Mr. Rothstein said “time is of the essence” because “the private sector is racing ahead” to establish medical record banks and health information exchanges. In December, he noted, Wal-Mart, Intel and other companies announced they were creating a huge database that could store the personal health records of more than 2.5 million employees and retirees. The companies promised they would have “stringent privacy policies and procedures.”

Mr. Rothstein said Congress should not provide more money for a nationwide health information network unless the administration did more to protect the privacy of electronic medical records.

Perhaps medical privacy protections are unnecessary, because after all we are protected by the Patriot Act. That helps ensure privacy, yes?