Experts point to need for guidelines for protecting patient security
WASHINGTON – When it comes to identity proofing and authenticity, the federal government should establish minimum safety standards for healthcare IT systems that will hold patient records or send e-mails between providers and patients, said a number of experts who gave testimony last week to a federal advisory panel.
A dozen invited experts and nearly half as many members of the public spoke before the American Health Information Community’s Confidentiality, Privacy and Security Workgroup, an advisory board to the Department of Health and Human Services.
Though the experts hailed from federal, private, trade, and not-for-profit organizations, they echoed similar concerns, including the financial burden of maintaining privacy, the severe demands that extraneous passwords and login systems place on physicians’ time, and an overall fear about keeping records safe.
The meeting was one in a series of meetings to be held this fall to answer HHS Secretary Michael Leavitt’s call for recommendations on ways to protect patient privacy while establishing electronic health records and securing electronic messaging between patients and their healthcare providers.
Liesa Jo Jenkins, executive director of CareSpark, Inc., a regional health information organization in Kingsport, Tenn., expressed urgency in the need for electronic health records and their interoperability to benefit patient care. “We cannot wait until we have all the answers, 100 percent—we can’t.”
Jenkins cautioned, however, about patients’ inherent trust in their physicians and their willingness to share information they feel will stay confidential. “Patients will hold physicians liable when that trust is breached,” she said.
Representatives from the Association of American Medical Colleges, the U.S. Department of Veterans Affairs and the National Institutes of Health shared examples of ways privacy can successfully be protected.
John Macaulay, MD, vice president of Healthcare and Life Sciences at Anakam, LLC, gave testimony on how the medical world could mimic the security already found in the financial world.
Pat Dixon, executive director of the World Privacy Forum, strongly opposed such an idea. While the financial world is staunchly regulated, the overall protection provided to electronic health information does not currently exist under HIPAA, she said. Further, “healthcare must be held to a higher standard because mistakes mean that people will die.”
Dixon also advised the panel to consider the growing number of privacy breaches committed by insiders within healthcare organizations.
The workgroup scheduled a follow-up meeting for Friday, Oct. 6, from 11 a.m. to 2 p.m. to deliberate its recommendations.