Congress should revise the scope of federal privacy laws, including those pertaining to medical information, to cover all personal information and limit the use of that information, according to recent congressional testimony from the Government Accountability Office.
The GAO, an investigatory arm of Congress, recently assessed the sufficiency of laws and guidance covering the federal government's collection and use of personal information. It found, for instance, that the federal Privacy Act's protections are outdated and may not apply to contemporary data processing technologies and applications, testified Linda Koontz, director of information management issues at GAO.
In today's highly interconnected environment, information can be gathered from many different sources, analyzed and redistributed in very dynamic, unstructured ways that may have little to do with the file-oriented concept of a Privacy Act system of records, she told the Senate Homeland Security and Governmental Affairs Committee. For example, data mining, a prevalent technique used by federal agencies for extracting useful information from large volumes of data, may escape the purview of the Privacy Act's protections. Specifically, a data mining system that performs analysis by looking for patterns in personal information located in other systems of records or that performs subject-based queries across multiple data sources may not constitute a system of records under the act.
For example, data sources for a planned data mining program by the Department of Homeland Security may be covered under Privacy Act notice requirements, but the data mining system itself is not covered and no documentation of protections under the Privacy Act is required. As a result, personally identifiable information collected and processed by such systems may be less well protected than if it were more specifically addressed by the Privacy Act, Koontz said.
The full text of her testimony, GAO-08-795T, titled "Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information," is available at gao.gov.