"There are inherent vulnerabilities in a NHIN, just as there are inherent vulnerabilities in paper-based records," warned Emily Stewart, a policy analyst for the Health Privacy Project. "So protections have to be built in… It's not going to work if patients feel that their privacy is not protected."
That fear is so strong, Stewart said, forcing Americans to participate in the NHIN could derail it. "We believe patients need to be able to opt out of a NHIN," she said.Stewart said surveys and focus groups show that Americans remain leery of making their records electronic. Only one in three adults say they trust health plans and government payers to protect their information. Another 20 percent say their personal health information has been illegally disclosed. Almost half of Americans felt that privacy concerns outweighed the health benefits promised by a NHIN. Stewart's view was echoed by Connecting for Health's Carol Diamond.
"We have never done a survey that diminished the role of privacy and security in this endeavor," Diamond told attendees. In its latest research, Connecting for Health found that consumers' top priorities for the NHIN remain authenticating users, controlling and limiting who has access to health data, building in permission-based controls and guaranteeing that employers would not have access to health records. In fact, sentiment has run so strong that Connecting for Health has decided only to refer to the NHIN as a secure nationwide health information network.
"The most challenging aspects of the agenda have to do with policy, not technology," Diamond said. "You need an a priori design for privacy and security. You can't build an information system first and then worry about the policies later."
But the emphasis on privacy is not shared by all experts. Scott Wallace, CEO of the National Alliance for Health Information Technology, challenged the argument that bulletproof privacy is a requisite for NHIN-building. Wallace repeated an argument he's made before other groups this year – that privacy is a red herring. "It's not privacy they want," he said, "but confidentiality."
The difference is that privacy – in terms of safeguarding data – is almost antithetical to the main goal of a NHIN, which Wallace says is to share data with providers when they need it most. Confidentiality, he said, is compatible with data sharing: the expectation is that data is shared with care professionals, but no one else. To illustrate his point, Wallace showed a picture of Hurricane Katrina victims receiving treatment on an airport runway. "I don't think anybody lying there is really concerned about the privacy of their health information," he said. "I think they're worried about dying there on the tarmac. If we focus [only] on privacy and ignore other issues, we'll never get to where we need to be."
Stewart disagreed. "The vast majority of people aren't on the tarmac. They're in doctors' offices, and they do care about privacy," she said. "The people on the tarmac may not worry about privacy at the moment, but they will worry about disclosures long after they get off the tarmac."