As I sat through the Office of the National Coordinator of Health Information Technology (ONC) Policy Committee yesterday, I was taken by how personal the discussion of Privacy and Security is. Several work-groups within the two committees have laboriously dug through what they hope to be “best practices” for protecting health information in the future.
A few thoughts/facts from this discussion:
- In spite of what we might think, there are data breaches with paper records (medical data faxed accidentally to a dry cleaner instead of a doctor’s office, lab data stored incorrectly, etc.)
- Should patients be allowed to “opt-in” to sharing their personal data across care or allowed to “opt-out” (meaning the default would be that everyone agrees to share data unless they choose NOT to)?
- Compelling comments were made from both philosophies—Americans have the right to a choice on their privacy; Privacy is a constitutional right vs. we may protect the personal data perfectly and “end up with a dead patient” because the data could not be used.
- A new term was introduced: “Individually Identifiable Health Information” and of course a new acronym: IIHI!
This is information that connects an individual person with their own health data vs. “PHI” or Protected Health Information—which is a smaller subset of data we should protect for individuals.
Sometimes the most obvious information is also the most powerful:
“The relationship between the patient and his or her health care provider is the foundation for trust in health information exchange. Providers “hold the trust” and are ultimately responsible for maintaining the privacy and security of their patient records.”