Santa Clara University


Privacy Protections for Patient-Empowered Care

EHR PrivacyCo-sponsored by the High Tech Law Institute and the Markkula Center for Applied Ethics

Personal health records (PHRs) hold significant potential for consumers and patients to become informed decision-makers in their own health care. What assurances need to be in place so that consumers trust that their health information is safe and wisely used? Currently, health-care providers and third-party health-IT vendors like Google and Microsoft, are governed by different regulatory statutes. This is an important factor in current health information privacy and security. The American Recovery and Reinvestment Act of 2009 requires the Department of Health and Human Services and the Federal Trade Commission to report to Congress by February 18, 2010, with recommendations for privacy and security requirements for Patient Health Record vendors and related entities that are not covered by The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. What overarching policy framework should be put into place to harmonize the security safeguards used by hospitals and personal health record IT vendors alike? How is the emerging PHR policy landscape transforming the business models of health IT providers? What kinds of privacy protections should health IT consumers reasonably expect in the coming years?

This forum featured Dr. Paul Tang, MD, a member of the National Committee on Vital and Health Statistics, Subcommittee on Privacy, Confidentiality & Security (NCVHS), who provided an overview of the various kinds of Personal Health Records and highlighted their business model differences and privacy implications. Deven McGraw, Director of the Privacy Project of the Center for Democracy and Technology has been a key stakeholder and testifier to the NCVHS. McGraw looked at how third party applications (a significant part of the PHR business model) access and use personal data, and she gave some insight about the emerging consensus around PHR privacy policy. The touched on a range of issues in the realm of patient-empowered care – from business practices and technical infrastructure, to legal and policy frameworks – and taught about the pressing issues that will attend the dynamics of these emerging health IT practices for some years to come.


Deven McGraw, Director of the Health Privacy Project – Center for Democracy

McGrawDownload Deven McGraw's PowerPoint Presentation

Deven McGraw is the Director of the Health Privacy Project at CDT. The Project is focused on developing and promoting workable privacy and security protections for electronic personal health information. Ms. McGraw is active in efforts to advance the adoption and implementation of health information technology and electronic health information exchange to improve health care. She was one of three persons appointed by Kathleen Sebelius, the Secretary of the U.S. Department of Health & Human Services (HHS), to serve on the Health Information Technology (HIT) Policy Committee, a federal advisory committee established in the American Recovery and Reinvestment Act of 2009. She also served on two key workgroups of the American Health Information Community (AHIC), the federal advisory body established by HHS in the Bush Administration to develop recommendations on how to facilitate use of health information technology to improve health. Specifically, she co-chaired the Confidentiality, Privacy and Security Workgroup and was a member of the Personalized Health Care Workgroup. She also served on the Policy Steering Committee of the eHealth Initiative and now serves on its Leadership Committee. She is also on the Steering Group of the Markle Foundation's Connecting for Health multi-stakeholder initiative. Ms. McGraw has a strong background in health care policy. Prior to joining CDT, Ms. McGraw was the Chief Operating Officer of the National Partnership for Women & Families, providing strategic direction and oversight for all of the organization's core program areas, including the promotion of initiatives to improve health care quality. Ms. McGraw also was an associate in the public policy group at Patton Boggs, LLP and in the health care group at Ropes & Gray. She also served as Deputy Legal Counsel to the Governor of Massachusetts and taught in the Federal Legislation Clinic at the Georgetown University Law Center. Ms. McGraw graduated magna cum laude from the University of Maryland. She earned her J.D., magna cum laude, and her L.L.M. from Georgetown University Law Center and was Executive Editor of the Georgetown Law Journal. She also has a Master of Public Health from Johns Hopkins School of Hygiene and Public Health.

Paul Tang, MD, Chief Medical Information Officer – Palo Alto Medical Foundation

TangDownload Dr. Paul Tang's PowerPoint Presentation

Paul C. Tang, M.D., M.S., is an internist and vice president, chief medical information officer at the Palo Alto Medical Foundation (PAMF), and is consulting associate professor of medicine (biomedical informatics) at Stanford University. Dr. Tang is the vice-chair of the federal Health Information Technology Policy Committee, and chair of its Meaningful Use Work Group. Established under the 2009 American Recovery and Reinvestment Act (ARRA), the group advises the U.S. Department of Health and Human Services on policies related to health information technology.((An elected member of the Institute of Medicine (IOM), Dr. Tang chaired an IOM patient safety committee, which published reports in 2003/2004: Patient Safety: A New Standard for Care, and Key Capabilities of an Electronic Health Record System. He is also a member of the IOM Board on Health Care Services.((Dr. Tang chairs the National Quality Forum's Health Information Technology Expert Panel and is a member of the NQF Consensus Standards Approval Committee. Dr. Tang is the immediate past-chair of the board for the American Medical Informatics Association and a member of the board of the National eHealth Collaborative. He is a member of the National Committee on Vital and Health Statistics (NCVHS), and co-chair of the NCVHS Quality Subcommittee. Dr. Tang co-chairs the Measurement Implementation Strategy work group of the Quality Alliance Steering Committee and chairs the Robert Wood Johnson Foundation’s National Advisory Council for ProjectHealth Design. He has published numerous papers in medical informatics, especially related to EHRs and PHRs, and has delivered over 250 invited presentations to national and international organizations and associations. Dr. Tang is a Fellow of the American College of Medical Informatics, the American College of Physicians, the College of Healthcare Information Management Executives, and the Healthcare Information and Management Systems Society.

Printer-friendly format