Privacy as an enabler, not an impediment: building trust into health information exchange

Building privacy and security protections into health information technology (IT) systems will bolster trust in such systems and promote their adoption. The privacy issue, too long seen as a barrier to electronic health information exchange, can be resolved through a comprehensive framework that implements core privacy principles, adopts trusted network design characteristics, and establishes oversight and accountability mechanisms. The public policy challenges of implementing this framework in a complex and evolving environment will require improvements to existing law, new rules for entities outside the traditional health care sector, developing privacy rules for personal health records, a more nuanced approach to the role of consent, and stronger oversight, accountability, and enforcement mechanisms. The challenge is to find the right mix of statutory direction, regulatory implementation, and industry best practices to build trust in e-health systems and enable the widespread adoption of health IT.