While the Healthcare IT Policy Committee, a federal advisory panel, is working on projects that will outline patient protections, patient privacy activists warn that allowing patients to opt out of participation in electronic health information exchanges will be critical to building public trust.

At an April 21 meeting of the HIT Policy Committee,  workgroup leaders proposed ways to build a foundation of trust.

Deven McGraw, chair of the Privacy and Security Policy Workgroup and director of the Health Privacy Project at the Center for Democracy and Technology, said, "privacy is critical to building trust."

McGraw presented a draft on electronic health record protections her workgroup is developing using principles from existing laws. "We're not working from scratch here. We have laws in place," she said, citing HIPAA and state patient privacy laws.

The workgroup is also drawing from the December 2008 Nationwide Privacy and Security Framwork developed by the Office of the National Coordinator for Health Information Technology (ONC), McGraw said.

The workgroup plans to have final recommendations for the full policy committee's consideration at its May 19 meeting.

"We're trying to focus on where we might be deviating from patients' reasonable expectations," McGraw said.

Paul Egerman, co-chair of the Certification and Adoption Workgroup proposed his group's recommendations for patient safety, including the call for a national, transparent oversight process and information system, similar to a Patient Safety Organization (PSO).

The workgroup recommended the PSO have whistle-blower protection; the ability to investigate serious incidents; provisions of standardized data reporting formats; and the ability to receive reports from patients, providers and vendors.

The group also recommended the PSO have to ability to receive reports on all healthcare IT and software sources.

In addition, the workgroup recommended that ONC commission a formal study "to thoroughly evaluate HIT patient safety concerns, " including strategies for addressing the concerns.

David Lansky, chair of the NHIN workgroup said much of the work each workgroup is conducting is dovetailing with other groups. His workgroup proposed a broad recommendation for a national healthcare IT trust framework that would include business, policy and legal requirements; transparent oversight; enforcement and accountability; identity assurance; and minimum technology requirements.

"We need all five of these elements to build public trust," he said, adding he will be calling on the policy committee's expertise to flesh out the framework after it is approved.

Deborah Peel, MD, founder of Patient Privacy Rights, called for parceling patient data. "We won't ever get trust without segmenting the data," she said. In Peel's view, patients will demand the right to share only part of their data, or none at all.

"No one should have to be all in, or all out," Peel said during the meeting's public comment period. "People should be able to selectively share their data. That's the way it's always been."

Peel added that audit trails are easily created and would add a dimension of accountability that patients would need in order to trust their records are protected.