I have asked for more specific security to be included in Meaningful Use (that Meaningful Use Security Capabilities are Lacking, Privacy Capabilities NON-existent), and for them to include even simple Opt-In/Opt-Out capability (Stepping stones for Privacy Consent). I know that these are not included today because of a need to push the market space slowly. I however am very concerned that an HIE built with out privacy controls, may never get them. The Consent Management using HITSP TP30 is not a difficult to implement system, and it is designed to grow to more comprehensive consent policies.
I do think that this past year far more has been done about Privacy in Healthcare than all the past decade. There is far more visibility of the issue, and privacy advocates and subject matter experts are far more common. A huge step in the right direction was the posting of USA healthcare breach notifications.
Now that there is a way to publicly shame organizations, we are seeing more interest in implementation of Security and Privacy.
In a special event as part of the Privacy 2010 Campaign, the ElectronicPrivacy Information Center (EPIC) has released the 2010 Privacy ReportCard for the Obama Administration. The Report Card focuses ondevelopments over the past year in the areas of medical privacy, civilliberties, consumer protection, and cyber-security.
The report card was formerly unveiled at the Mott House, on CapitalHill. EPIC's executive director, Marc Rotenberg, briefly discussed thegrades from 2009 and the rationale for the new marks. 2010 gradesinclude two B's (medical privacy and cyber-security), a C (consumerprivacy), and a D (civil liberties). These were significant drops from2009, when the Administration received an Incomplete (consumerprivacy), an A- (medical privacy), a B (cyber-security), and a C+ (civilliberties).
EPIC: Privacy 2010 Campaign Platform
EPIC: Privacy 2010 Facebook Cause Page
EPIC: 2009 Privacy Report Card
EPIC: 2010 Privacy Report Card