How do we create the “trust fabric” so often mentioned in the discussion of exchanging electronic health data? This topic has been foremost on my mind, as ADA just presented comments on the Proposed Rule for Modification of the HIPAA Privacy, Security, and Enforcement Rules under the HITECH Act.
I was preparing the comments in flight--while returning from a trip this past weekend. I happened to return on September 11—a day that is etched in our minds as “what was I doing when it happened?” On the flight back I reflected on my location nine years ago—traveling down Interstate 270 to meet a business client at an office in Arlington, VA. I was aware of the NY attacks, but could not get in touch with my client, so decided to drive to the office and discuss whether to proceed with the meeting.
While driving down I-270 south towards Washington, DC, I heard on the radio about the Pentagon attack. I arrived to the building--shaken —and tried to enter as the entire building was evacuating. I connected with my client and canceled the meeting. While hurriedly driving back north on 1-270, I heard on three different radio stations of the evacuation of DC, instructions not to tie up cell lines—etc. I wondered how odd the circumstance—particularly since I had not traveled into DC or VA at all during business –ever, until that day.
I next thought of the changes to airline travel since September 11 and realized how my “trust” of flying had been shattered, then rebuilt by the changes in airline security. Nine years later to the day, I was-- flying on September 11, on the same airline that flew into the Pentagon—and landing at Reagan National Airport. What had restored my “trust”? Very thorough rules, consistency in enforcement, random “security” evaluations and a no-nonsense approach to ensuring safety. I pondered—if this were not the case with airline security—would I still be on that flight? Not a chance. We have to create the same process for health data change.