A Good Day for Health Privacy

Today’s Health IT News was focused on the Health IT Policy Committee’s discussions about adding some flexibility to the criteria that health care providers and hospitals will have to meet in order to be “meaningfully using” health IT.  Only “meaningful users” are eligible for to receive federal funds under the stimulus legislation (ARRA) to purchase electronic health records.  

 

That news should not overshadow two important health privacy developments that also occurred yesterday. First, the Policy Committee endorsed a recommendation from its Privacy and Security Workgroup (which CDT co-chairs) that providers and hospitals who are fined for significant civil or a criminal HIPAA violation should be ineligible for a health IT incentive payments. In short, you cannot be “meaningfully using” health IT if you are willfully neglecting or intentionally violating federal health privacy and security rules. This particular meaningful use recommendation – and other meaningful use requirements that are aimed at promoting privacy and security – was not among those eligible for “flexibility.”   

 

Second, the Office of the National Coordinator for Health IT announced that it had appointed Joy Pritts to be the Office’s first ever Chief Privacy Officer. Joy is an alum of the Health Privacy Project (before it was merged into CDT), and has spent more than a decade working on health privacy. CDT has worked closely with Joy in the past, and we look forward to working with her to promote a comprehensive framework of privacy and security protections for electronic health information.