Policy and Technology Experts Agree on Need for Privacy, Access and Identity for Healthcare Information
Jun-03-09 Highlights from National Press Club Briefing Co-hosted by Smart Card Alliance/Secure ID Coalition Princeton Junction, N.J., - Privacy, access and identity are vital to the Obama administration’s effort to modernize the nation’s healthcare information infrastructure, a panel of policy and technology experts told healthcare industry leaders, public policy makers and policy-influencing organizations at a National Press Club briefing in Washington DC last week. The event was co-hosted by the Smart Card Alliance Healthcare and Identity Councils and the Secure ID Coalition. A video of all of the presentations from the healthcare identity and privacy briefing are available online. The topic is timely because healthcare IT is getting nearly a $19 billion boost from the American Recovery and Reinvestment Act of 2009. The speakers agreed the sense of urgency and massive investment are good news, but that time pressure might also cause problems. “There is a risk we will focus too much on standards for electronic health records (EHRs) and ways to exchange them at the expense of sound privacy and identity models,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “The critical issues are getting control over who has access to healthcare information, and correctly tying the right individual to his or her health records. That means identity management and access authentication security have to be baked-in from the start, not tacked on at the end.” Correctly identifying patients and their records is difficult just within a single hospital, but gets far worse between multiple institutions, according to a leading practitioner and specialist on the subject, Paul Contino, vice president, Information Technology, at Mount Sinai Medical Center in New York. He cautioned that identity management must be addressed correctly up front or “we’re going to have problems with the linkages of electronic medical records” on a regional or even national basis. Mount Sinai revamped patient registration processes and implemented a smart card-based patient card to more accurately link individuals to their medical and administrative records. Hospitals and other stakeholders also face significantly stronger privacy and security rules along with new financial penalties for violators, according to Richard D. Marks, co-founder and president, Patient Command, Inc. Marks said the healthcare “HITECH Act of 2009” provisions in the American Recovery and Reinvestment Act are a direct effort by the new administration to extend and enforce HIPAA (Health Insurance Portability and Accountability Act) regulations that were largely ignored until now. To put teeth in the enforcement effort, the new legislation has created health record data breach notification rules, fines for failure to protect personal health information and rights for complainants to share in civil monetary penalties levied on offenders, providing a big incentive for whistleblowers. The civil and criminal penalties are not limited only to institutions, but apply equally to negligent CEOs, CFOs, CIOs and board members, including
issues inhibiting the industry. Healthcare Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects. About the Smart Card Alliance The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.smartcardalliance.org. FindBIOMETRICS.com has comprehensive information biometrics healthcare solution providers, please visit us.