Security, Privacy and The Law : Security & Privacy Lawyer & Attorney : Foley Hoag Law Firm : Boston, Washington D.C.

A recent article from Computerworld reports that, according to a new study conducted by researchers from MIT and the University of Virginia, "EMR [Electronic Medical Record] adoption is often slowest in states with strong regulations for safeguarding the privacy of medical records."   According to the study, in states with "strong privacy laws", the number of hospitals using EMR systems is up to 30% lower than in states with "less stringent privacy requirements."  The study, "which looked at EMR adoption in 19 states over a 10-year period", concludes that the reason for the disparity is that "privacy rules often made it harder and more expensice for hospitals to exchange and transfer patient information, thereby reducing the value of an EMR system."  According to the article, one of the study's authors, Catharine Tucker, stated that "[p]olicy-makers are going to have to choose how much EMR adoption they want and at what cost to patient privacy.

It is worth noting that the study's methodology has been subject to some criticism.  According to the article, Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, said that "the study was based on old data and didn't consider all of the factors that a health care organization would typically look at when deciding whether to adopt an EMR system."  Instead, according to McGraw, the study "looked at whether a state has a medical privacy law and then looked at EMR adoption in that state to draw its conclusions."  Deborah Peel, chair of the Patient Privacy Rights Foundation in Austin, Texas, also criticized the studies conclusions.

Links:

• April 14, 2009 Computerworld article by Jaikumar Vijayan: "Privacy rules hamper adoption of electronic medical records, study says"
• Link to page where the study, "Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records" can be downloaded (Note: you must pay to download the study)

• Email This
• Print
• Comments
• Trackbacks
• Share Link

As I noted a few weeks ago, Senators Jay Rockefeller (D-W.Va.), Olympia Snowe (R-Maine) and Bill Nelson (D-Fla.) were drafting new cybersecurity legislation.  Last week the Senators introduced two bills.  The first, S.778 (text of the bill not yet available), would establish an Office of National Security Advisor within the Executive Office of the President.  The second, S.773 (text of the bill not yet available), entitled the Cybersecurity Act of 2009, gives the President the power to limit or shut down Internet traffic to and from any federal government or United States infrastructure network.  The other provisions of the legislation are summarized in my previous post.

Whether the legislation has any chance of passing remains to be seen.  However, some groups are already criticizing aspects of the legislation.  The President of the Center for Democracy and Technology, for example, has stated "[t]he cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."  The bills have been referred to the Committee on Homeland Security and Government Affairs.

Links:

• A draft of S.778 (.pdf)
• A draft of S.773 (.pdf) 
• The CDT's post on the legislation can be found here.
• April 6, 2009 Computerworld Article: "Yet Another Government Attempt At Cybersecurity"

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link