Companies hoping to capitalize on the dismal state of healthcare IT in the U.S., beware: You're very likely underestimating the political difficulty of establishing a coherent national system of electronic medical records.
That's the message delivered by Dennis Melamed, editor of the newsletter Health Information Privacy/Security Alert, in a perspective over at iHealthBeat (free registration required). The nascent push for electronic records, he suggests, is bound to run into deep-seated political disagreements and conflicting state regulations involving medical privacy, reproductive rights, child-abuse reporting and mental health.
Melamed notes that when Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which sets privacy protections for medical information, it never spelled out in detail what it wanted on that front -- largely because legislators couldn't agree on how and whether to overrule existing laws that alternately limited or expanded medical privacy in various states.
The same problems exist today, particularly where so-called "personal health records" such as Google Health are concerned. These services aren't bound by federal medical-privacy laws, but could end up whipsawed by conflicting state rules because Congress itself can't figure out how to set national standards. As Melamed writes, using the common acronyms for electronic and personal health records:
How do EHRs and PHRs that cross state lines deal with state laws with differing ages of consent and child abuse reporting requirements or state mental health and genetics laws or the state health privacy rules under the Gramm-Leach-Bliley Act or The Family and Medical Leave Act or The Family Educational Rights and Privacy Act ... you get the idea.Further reading: I previously discussed seven shortcomings of Google Health and its underwhelming privacy-protection policy, as well as the first signs of a backlash against electronic medical records.
Congress is trying to reach agreement where agreement can be reached on technology and doggedly leaving the rest of the issues to work themselves out ... or not.
So if you thought the HIPAA privacy rule was confusing, brace yourself for privacy regulation in the world of national EHRs.