partment of Health and Human Services to issue recommendations for establishing unique patient identifiers were put on hold in response to public outcry over potential violations of medical privacy (Goldman, 1998).
There is general agreement that privacy protections are needed for consumers, but there is also recognition that unless carefully balanced, such protections may limit the future prospects of IT (Detmer, 2000a). Public opinion polls conducted during the last decade document high and increasing levels of concern about privacy, raising questions about whether people’s fear of violations of their privacy may lead some to forego seeking necessary health services or to withhold personal information from clinicians (Goldman, 1998). Others point out that, if too stringent, privacy protections will impede the adoption of many IT applications critical to addressing health care quality concerns (Detmer, 2000a).
The demands of health care with regard to security and availability are both more stringent and more varied than those of other industries (Institute of Medicine, 1994). Automated records can make it much easier for hackers to assemble lists or to find (or alter) information about individuals. At the same time, there are many different sources and types of health data, and clinical information must be available to all clinicians and others involved in care delivery whenever needed. Well-crafted policies can be implemented to ensure timely access for those with a valid need to access the data, including treating clinicians and patients, while denying access to unauthorized users. Information security technologies, such as encryption, authentication of both the sender and receiver of data, and audit trails to detect unauthorized users, are available to support such policies (Detmer, 2000a; National Research Council, 1998; U.S. General Accounting Office, 1999). Legal enforcement of privacy and confidentiality rights with strong remedies can serve as both a deterrent to unauthorized users and a method of redress for individuals whose privacy rights have been violated.
The lack of commonly accepted definitions and nomenclature for the collection and coding of data and standards for the exchange of information has also been recognized as an obstacle to broad adoption of clinical information technologies (Dwyer, 1999; Kleinke, 1998; McDonald, 1998; U.S. Department of Commerce, 1994). Data standards are needed to facilitate sharing and communication of the data across different health care information systems, and to ensure that the data are complete, accurate, and comparable (National Committee on Vital and Health Statistics, 2000). Numerous groups, including the American National Standards Institute’s Healthcare Informatics Standards Board, High Level 7, the American Sociey for Testing and Material, the American Standards Committee, the Institute of Electrical and Electronics Engineers, international organizations, and numerous governmental groups, have developed standards for claims forms, datasets, diagnostic and procedure classifications, vocabularies, and messaging formats (Agency for Healthcare Research and Quality, 1999; Cushman and Detmer, 1998). The Library of Medicine has made extensive efforts to standardize vocabulary (including the construction and maintenance of