Thematic Areas

Privacy and Health Information Technology

Deven McGraw, JD, LL.M., MPH

Paper Summary

The increased use of health information technology (health IT) is a common element of nearly every health reform proposal because it has the potential to decrease costs, improve health outcomes, coordinate care, and improve public health. However, it raises concerns about security and privacy of medical information.

This paper examines some of the “gaps” in privacy protections that arise out of the current federal health privacy standard, the Health Insurance Portability and Accountability (HIPAA) Privacy Rule, the main federal law which governs the use and disclosure of health information.

Additionally, it puts forth a range of possible solutions, accompanied by arguments for and against each. The solutions provide some options for strengthening the current legal framework of privacy protections in order to build public trust in health IT and facilitate its use for health reform.

The American Recovery and Reinvestment Act (ARRA) enacted in February 2009 includes a number of changes to HIPAA and its regulations, and those changes are clearly noted among the list of solutions (and ARRA is indicated in the Executive Summary and paper where the Act has a relevant provision).

About the Author

Deven McGraw, J.D., LL.M., M.P.H., is the Director of the Health Privacy Project at The Center for Democracy and Technology (CDT). The Project is focused on developing and promoting public policies that ensure individual privacy as personal health information is shared electronically. Ms. McGraw has been active in efforts to establish a nationwide health information network. She served on two workgroups of the American Health Information Community (AHIC): she co-chaired the Confidentiality, Privacy and Security Workgroup and served as a member of the Personalized Health Care Workgroup. Both workgroups provided recommendations to AHIC and the Department of Health and Human Services about policies and practices to facilitate greater use of health information technology. She also serves on the Leadership Committee of the eHealth Initiative.

Prior to joining CDT, Ms. McGraw was the Chief Operating Officer of the National Partnership for Women & Families, providing strategic direction and oversight for all of the organization's core program areas. Ms. McGraw also was an associate in the public policy group at Patton Boggs, LLP and in the health care group at Ropes & Gray. She also served as Deputy Legal Counsel to the Governor of Massachusetts and taught in the Federal Legislation Clinic at the Georgetown University Law Center. McGraw graduated magna cum laude from the University of Maryland. She earned her J.D., magna cum laude, and her LL.M. from Georgetown University Law Center and was Executive Editor of the Georgetown Law Journal. She also has a Master of Public Health from Johns Hopkins School of Hygiene and Public Health.