Skip to Content

CDT Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill

Brock N Meeks, CDT
(202) 637-9800 ex. 114
(703) 989-3547 (CELL)

Washington — CDT applauds Congress for including critical privacy and security protections in the health information technology (health IT) portions of the American Recovery and Reinvestment Act of 2009, the proposed economic recovery bill.

“Now is the critical time for addressing privacy,” said Deven McGraw, director of the Health Privacy Project at CDT. “Restoring public trust after it has been undermined by a high profile privacy violation, is far more difficult, and more expensive, than building it into the design of health IT systems from the beginning,” McGraw said. “Ensuring adequate privacy and security protections for electronic health information will help facilitate the widespread adoption of health IT.”

The bill’s privacy provisions include the following:

  • Stronger protections against the use of personal heath information for marketing purposes;
  • Accountability for all entities that handle personal health information;
  • A federal, individual right to be notified in the event of a breach of identifiable health information;
  • Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes;
  • Development and implementation of federal privacy and security protections for personal health records;
  • Easy access by patients to electronic copies of their records; and
  • Strengthened enforcement of health privacy rules.

The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.

Surveys show a majority of Americans support greater use of health IT. At the same time, consumers have significant privacy concerns about putting their medical records online. Providing a comprehensive framework of privacy and security protections for electronic personal health information is critical for building public trust in a nationwide health IT system.

Senate testimony from the Government Accountability Office last week underscored the need for privacy noting that, “a robust approach to privacy protection is essential to establish the high degree of public confidence and trust needed to encourage widespread adoption of health IT and particularly electronic medical records.”

“An interconnected health system is possible only if there are sufficient protections in place for privacy and security,” said Leslie Harris, President and CEO of the Center for Democracy & Technology. “It is critical that privacy provisions remain in this legislation as it moves forward. We look forward to working with Congress and the Administration to ensure we have a comprehensive privacy and security policy framework in place to protect personal health information.”