Skip to content Skip to navigation

Privacy Statement

January 1, 2007
by Kathryn Foxhall
| Reprints
The role of states grows as privacy comes to the forefront of electronic healthcare information exchange.

The growing realization of the powerful role states play in developing electronic health record (EHR) interoperability has moved Washington officials to create several new centers of activity.

In full swing is the Health Information Security and Privacy Collaboration (HISPC), one of the major efforts supported by the Office of the National Coordinator for Health Information Technology (ONCHIT). In a process aimed at addressing variations in organization-level business policies and in state laws, a designated group in each of 33 states and Puerto Rico has held open meetings and other activities over the last few months and recently made their first reports. Final plans and a nationwide meeting on implementation are due in March.

Linda Dimitropoulos, Ph.D. — project director of the $17 million RTI International (Research Triangle Park, N.C.) contract to manage HISPC — says the project has worked through the National Governors Association and the governors' offices to subcontract with the groups within the states. Those groups have worked at, "pulling together stakeholders in electronic health information exchange from across hospitals, providers, consumers, labs — anyone engaged in the exchange of health information." Linda dimitropoulos

"Their goal was really to be able to find ways to accomplish electronic information exchange and, at the same time, protect the privacy and security protections that are in place within each state that exceed HIPAA (the Health Insurance Portability and Accountability Act)," says Dimitropoulos.

Although it is still early in the process, she says, the groups are clearly finding variations in how HIPAA was interpreted, as well as in, for example, procedures to obtain consent.

In addition, in October ONCHIT entered a $1.99 million contract with the National Governors Association to create a State Alliance for e-Health — a forum for governors, legislators, attorney generals and others to develop consensus solutions for interoperable health information exchange.

Meantime, the National Conference of State Legislatures has created its Project HITCh (Health Information Technology Champions) to support state legislative decision-making on HIT laws, including privacy laws.

Kala Ladenheim, HITCh program director, says there is a "hot house" of discussion on states and HIT. The technology is moving so quickly that sometimes there are no laws to cover it, she says. On the other hand, HIT issues often must be reconciled with a range of statutes that touch on privacy and insurance laws, but also involve laws ranging from intellectual property statutes to the Employee Retirement Income Security Act (ERISA, which covers various employee benefits), according to Ladenheim.

The HITCh project was created, she says, because, "We have found critical mass in recent months." State legislators realized that most states are considering and passing statutes on HIT, she explains, so they decided to build a central point of expertise and learn from each other.

According to a report from the eHealth Initiative (eHI), in 2005 and 2006, 38 states had 121 bills with a specific HIT focus introduced. Twenty-four states had 36 such bills signed into law. In addition, 10 governors issued executive orders on HIT.

A primary purpose of the laws, says eHI, was the creation of commissions or other bodies to look at improving healthcare through HIT. According to the group, 19 bills with that focus were passed in 14 states.

But another interesting twist, says Ladenhiem, is the fact that HIT legislation will be discussed in the new Democrat-controlled Congress. Some states want to wait to see how that plays out, she indicates, before they move forward with particular pieces of legislation.

Kathryn Foxhall is a freelance writer based in Hyattsville, Md.