The Trouble With Metadata & Health Privacy
By Rebecca Hepp, an editorial intern with ADVANCE
Advances in technology over the past decade have raised serious concerns for patient privacy, an issue that sparked an intense panel discussion at the Second International Summit on the Future of Health Privacy, held last week in Washington, DC. Panelists debated current legislation's ability to properly protect patients in the age of smart phones, tablets and electronic records. For James Pyles, a health law attorney who has worked on privacy measures for HIPAA and the HITECH Act, legislation is lagging far behind technology, leaving patients unprotected from potential electronic violations of privacy.
"We now have electronic disclosures of patient privacy that are entirely different from disclosures of paper records," Pyles said. "You can get a paper record back; you cannot get an electronic record back. You can disclose millions of electronic records simultaneously; you cannot do that with paper records."
"The damage that can be done to someone is perpetual," Pyles added. "And the damages that can be awarded are incalculable."
Joy Pritts, chief privacy officer for the Office of the National Coordinator for Health IT (ONC), agrees with Pyles that technology is advancing much quicker than the law, although she did argue that HIPAA still has its strengths. Under HIPAA, enforcement of federal privacy regulations is in the hands of the states, who are free to extend enforcement beyond the floor set by the federal regulation.
"In some states, there are very strict standards on how [health information] can be shared," Pritts said. "In other states, they didn't see a need to do that because they thought patients were comfortable getting care and sharing that information for certain purposes without having to expressly write it down on a piece of paper."
Adding fuel to the fire, Frank Pasquale, a healthcare regulation and enforcement professor at Seton Hall University, brought up the related debate over metadata and its potential to give patients more control over their personal information. "We've got to create new modes, enable modes of granular control over the data in order to make people feel safe," Pasquale said. "Otherwise, we're never going to have the type of benefits we can get from big data analysis, from observational research."
Metadata, according to the ONC, is data that provides more detail or information about a piece of data, which has the potential to drastically improve the way health organizations communicate electronically. However, without any accepted standards for metadata tags, the National Committee on Vital and Health Statistics (NCVHS), the statutory public advisory body to the U.S. Department of Health & Human Services, recommended that the ONC refrain from including metadata standards in Stage 2 of the Meaningful Use incentive program.
Referring to the NCVHS's recommendation, Pritts told the panel last week that metadata is currently on hold for electronic health records, at least until metadata standards are better assessed and understood. With such a powerful tool at hand, precautions must be taken to ensure there are no unintended consequences that could infringe on patient privacy.