Friday, November 20, 2009

Who will watch the hen house?

In an article Thursday, the Huffington Post went to some length to examine the tug-o-war occurring between the health industry (hospitals and insurance companies) and privacy/security advocates. The health industry wants a federal rule on health data breach notification to contain a "harm threshold" that says how many records are breached, or how much harm is done by the breach before notification is required. The reason there was anything to argue about is a piece of legislation crafted to encourage the move to electronic medical records. The article doesn't mention the bill by name, or any of it's authors, but apparently the original bill did not specify just how much data had to be mishandled before notification was required - and that is the same as saying ANY lost data meant notification was necessary. The HC industry lobbied the Department of Health and Human Services to add a "harm threshold" because if one bill went to the wrong address, that patient would have to be notified. Such stringent requirements scare hospital administrators and health insurers: "Such a requirement, they say, not only would be costly but also would overwhelm consumers and make them less likely to notice when a real problem occurred."

How many mistakes do they make every month? It sounds to me like hard-nosed notification requirements are overdue. Strict requirements with real consequences for failure to comply will force healthcare providers and insurers to fully train their employees in the regulations and give them the tools to do it right. If they are making so many mistakes right now that being required to send notifications of any mishandled data would overwhelm me with notifications there is a big problem. I don't trust the health care industry to police themselves and notify people any sooner than they absolutely have to. I think it's time to contact our congressman and tell them we want notification. The easiest way to contact your senator (if you don't already have the info):

Your Representatives:
Enter your zip code in the box in the upper left and click on "go".