A lot has been happening around the nation regarding health privacy policies that affect all citizens. A summary follows:

Significant Privacy Breaches from Outsourcing Federal Health Services
The Government Accountability Office (GAO) reported recently on the significant percentage of privacy breaches that occur with outsourcing contractors used by Medicare, Medicaid, and TRICARE (Department of Defense health-care program). Together these government programs cover more than 100 million Americans (42 million in Medicare, 56 million in Medicaid, and 9 million active-duty military service members, retirees, and their dependents).

According to the September 2006 GAO study “Privacy: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE,” 40 percent of almost 400 federal contractors and state Medicaid agencies reported a privacy breach within the past two years. The personal information accessed may include medical diagnosis and treatment records, and patient identifiers, such as name, address, date of birth, and Social Security number. Over 42 percent of Medicare fee-for-service contractors reported privacy breaches in that period.

President Bush Signs Executive Order Simplifying the Transfer of Electronic Medical Records
While federal agencies contend with privacy breaches, President Bush is moving forward with promoting “interoperable” electronic medical records. In August he signed an executive order, “Promoting Quality and Efficient Health Care in Federal Government Administered or Sponsored Health Care Programs,” requiring agencies and their contractors to meet “interoperability” standards for health data. “Interoperability” is defined as “the ability to communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks in various settings, and exchange data such that clinical or operational purpose and meaning of the data are preserved and unaltered.” According to a Kaisernetwork.org report, all health-care providers who receive federal funds will have to abide by these uniform information technology standards.

It is worth noting that this “interoperability” requirement was tied to other federal orders to establish transparency regarding health-care quality and price and to establish reimbursement models based on quality of care, including pay-for-performance models.

CIA Investing Money in Software for Managing Electronic Health Records
Meanwhile, Government Health IT reported on August 14 that “The CIA-backed venture capital firm In-Q-Tel is investing money in a company that sells software used for managing electronic health records.” The tool is referred to as “master patient index” software and could be used in lieu of assigning every citizen a unique health identifier, which Americans vehemently oppose. In fact, in 2005 Dr. David Brailer (then national coordinator for health information technology at the Department of Health and Human Services) said HHS had decided not to base a national medical network on unique health identifiers. But it has been unclear what other technology might be used instead.