HHS “National Health Security Strategy” – Orwellian?
With all of the talk about the government overstepping boundaries in the wake of the Edward Snowden leaks, any proposal to broaden the federal government’s reach into our personal data should raise some eyebrows. It was probably only a matter of time before our health data was topic du jour. Well, the public comment period for the Department of Health and Human Services’ “2015-2018 National Health Security Strategy” draft proposal ends tomorrow, May 21.
While the draft document is stamped boldly with admonitions to “Not Cite or Quote” it (does that count as quoting the draft document?), it is interesting to note the the broad language in the document, especially around line 298 and following, seems to encourage establishment of a broad data warehouse with health information from all sorts of sources (social media, governmental and non-governmental sources … that pretty much covers “everywhere”).
State Health Information Exchanges have been established across the nation in recent years, and are a likely source of much of this data. The data in these HIEs comes from your doctor and mine, from hospital systems and doctors offices across the nation. The goal is to not only manage public health crises, but to preemptively monitor potential health issues. A noble goal, perhaps, but think about the implications of putting such aggregated health data on everyone in the nation in the control of a single entity (and those in its employ). I wrote in my book, Healthcare Information Privacy and Security: Regulatory Compliance and Data Security in the Age of Electronic Health Records (which will be published next month) on the importance of using health data for research to benefit outcomes, but I spoke to the matters of privacy that were inherent in the need for research:
It is simply not viable to continue funding an inefficient system with tax dollars for the long term. By focusing on outcomes, reducing duplicative processes, eliminating readmissions, and mining the data from millions of patients to determine how we might eliminate many of the costly, unnecessary procedures that we pay for day after day, year after year— we just might improve the bottom line.
To do this we need to capture your health data, and we need to capture my health data, and we need to be sure it stays right where it belongs—in the care of the health systems providing our care. Should our data be used to improve the overall healthcare system? Certainly!
Should we expect that our private diagnoses—perhaps cancer one day—will remain confidential and available only to those with whom we chose to share them? Absolutely!
It will, however, take a concerted effort on the part of health systems everywhere to ensure that our health data is handled with no less (and, indeed, I would argue, much more) care than our banks use when handling our financial data.
This concerted effort begins by educating healthcare employees about the great responsibility with which they have been entrusted and providing them with the tools they need to do their jobs. (Chapter 3 – “It’s Not Just HIPAA – Legislating Privacy and Security”)
I sincerely hope that the public comment on this proposal will result in some serious fences being placed around any legislation that results from this proposal. Do we really want a massive, centralized database that contains every symptom we have ever shared with our doctors, and is this necessary? I’m sure (or, I hope) that this is just the beginning of a long conversation on this topic.
Chime in with your thoughts.