by Andrew J. Demetriou, Fulbright & Jaworski LLP, Los Angeles, CA
During the course of this year I have tried in these columns to highlight the important substantive work carried on by our 12 Interest Groups. As I have noted, these groups represent an important link to all of us who are Section members in providing programs, publications, conference calls and List Serv opportunities for individuals who share common interests in their practices. One thing I have noted in my reflections on our work is how many healthcare legal issues are defined by conflicts between important social, medical and technological values, none of which can or should be lightly dismissed.
This month our attention turns to the eHealth, Privacy and Security Interest Group, whose domain includes some of the most difficult of these conflicts. The explosion of available medical technology has in turn created a nearly insatiable desire for the collection and transmission of medical data, as well as ample ability to do so. The appropriate use of this information can guide the use of technology in the delivery of care, anticipation of disease, prevention of complications from medical procedures, monitoring of outcomes and improving efficiency in the delivery and payment for medical services. Unfortunately, well founded societal expectations as to personal privacy and concerns about the very real potential for misuse of medical data deserve attention and compel restraints on the advances in technology.
Congress waded into this thicket with the enactment of the Health Insurance Portability and Accountability Act of 1996, affectionately known as "HIPAA," an acronym that is commonly misprinted (since these statutory names are almost always arbitrary and composed with considerable thought as to the eventual acronym by which they will be known colloquially, there really ought to have been two Ps), and the source of a considerable amount of what passes for Health Law humor--mostly from our distinguished past Council member Alan Goldberg. On a more serious note, even though the word privacy is not found in the name of the act, it is in the areas of privacy and data security that HIPAA has had its most profound effects.
The history of HIPAA implementation, compliance and now enforcement has provided a vivid illustration of the law of unintended consequences. As data storage and access systems have become increasingly decentralized, the requirements for policing access to protected health information has posed an enormous and complex technological challenge in their own right. The range of security measures run the gamut from computer monitors that limit shoulder surfing to network data handling protocols intended to prevent significant breaches of security of the types affecting credit card companies. The authors of HIPAA never envisioned that the more public aspects of their work would involve the unauthorized viewing of medical records of Britney Spears and George Clooney, nor did they consider that the impressive mines of data created in response to payment and reimbursement requirements would become increasingly valuable to a range of vendors of healthcare services, creating an enormous temptation to tap this information for commercial purposes.
A new area of ferment is the use of individual genetic information, which represents an impressive leap forward in our capabilities to confront and treat disease. The second edge to this powerful sword is that this same data could be used for a variety of ends that are unacceptable in our society, including job discrimination and denial of insurance coverage. Congress has recently enacted the Genetic Information Nondiscrimination Act (with the much more felicitous acronym "GINA") in an effort to curb potential misuse of genetic information. Those who are experienced with HIPAA know that the difficult challenges of addressing the implementation of GINA (let alone making it work in a HIPAA oriented world) remain before us, and will tax both government lawyers and the private bar. This month's issue contains a forward-looking article on these issues by Cindy Stamer.
The Section realized early on that the issues of privacy and security would become a permanent part of the environment in which healthcare providers and entities that support them would live and we organized an interest group to provide an institutional home for the study of these issues. Today, this group includes over 400 of our members and is headed by Marc Goldstone of Nashville, Tennessee, who is nearly as notable for his role in convening the Usual Suspects Dinners at various Section events. Marc is ably assisted by Jacqueline Crain of St. Petersburg, Florida, Andrew Gantt of Washington, D.C. and his long-time sidekick Hal McCard, who also hails from Nashville. They have contributed programs for both the Washington Summit and EMI as well as teleconferences on both the fundamentals of HIPAA as well as the leading edge issues of enforcement of the privacy rules. This Interest Group oversaw the production of one of our most popular Practical Guides. I encourage those of you who work with healthcare providers on technology and privacy issues to check out this IG's site and sign up to participate in its work.
The current bar year is drawing to a close this August, and our Chair-Elect, Vickie Yates Brown is putting her plans in place for a dynamic term that will start at the end of this year's ABA Annual Meeting in New York. If you have an interest in becoming more involved in the Section, please contact Vickie or our Section Director Jill Pena and they will be happy to direct you to groups and projects within the Section that can use your help.
The ABA Health eSource is distributed automatically to members of the ABA Health Law Section . Please feel free to forward it! Non-members may also sign up to receive the ABA Health eSource.