The Center for Democracy and Technology (CDT), through its Health Privacy Project, promotes comprehensive privacy and security policies to protect health data as information technology is increasingly used to support the exchange of health information. CDT, along with those listed at the end of this letter, submitted these comments in response to the July 7th, 2010, notice of proposed rulemaking (NPRM) issued by the Dept. of Health and Human Services (HHS) Office of Civil Rights.
Health information technology (health IT) is poised to transform patient-provider interaction and the delivery of health care, but will also exacerbate privacy risks if comprehensive regulatory safeguards are not in place. A comprehensive framework of privacy and security protections, including greater transparency regarding uses and disclosures of personal health data, is crucial to consumer trust in health information technology and health information exchange.
The privacy provisions in the HITECH portion of the American Recovery and Reinvestment Act of 2009 took significant steps toward establishing this comprehensive framework. We are encouraged that many of the provisions in the NPRM would further strengthen patient privacy, data security and enforcement of the law. However, several proposals need clarification and others should be reconsidered.