- April 27, 2009
Nothing is more sensitive than medical data, so the idea of putting it into digital form and exchanging it across computer networks doesn’t sit well with a lot of groups concerned about patient rights. They worry that the data could be sold to marketing firms or used against the patient. A major concern, for example, is that employers could use health history to deny jobs to potential employees.
As a result, privacy has been a major hurdle to health information exchange initiatives, as privacy advocates have lobbied hard against any health IT measure that precludes the strongest possible protections.
Besides providing money for health IT, the American Recovery and Reinvestment Act (ARRA) of 2009 addresses this issue by beefing up the framework of existing privacy protections. These new protections include:
• giving state attorneys general the ability to enforce privacy breaches;
• requiring a patients’ authorization in the sale of their health information; and
• giving patients the right to ask for an audit trail showing all disclosures of health information made through an electronic record.