ONC's Donald Rucker: More Work to Do on Health Data Privacy'As a Country, We Really Haven't Sorted Out Privacy'
Despite recently adopted final regulations designed to enhance health IT interoperability, prevent the blocking of patient information sharing among clinicians and ensure patients have secure access to their health information, many health data privacy issues still need to be addressed, says Don Rucker, M.D., national coordinator for health IT at the Department of Health and Human Services.
"As a country, we really haven't sorted out privacy. The Europeans with their global digital privacy directives are taking a stab at it," he says in an exclusive video interview with Information Security Media Group.
Rucker points to the need to ensure that health data collected by location-based technologies, wearable devices and websites is adequately protected. "I don't think any sort of reasonable person looking at this would say we've really sorted out ... what's appropriate to share and when."
Rucker also says "we still have a long way to go" to ensure that patients have a clear-cut right to consent to how their data is used.
"Getting a three-page consent form when you're rolled into the ER or pre-op for surgery ... is not really consent. It's a contract of adhesion, legally," he says. "We do a lot of what I call 'faux consent'."
In this in-depth video interview, Rucker also discusses:
- How more widespread health IT interoperability, secure health information exchange and patient access to records could have helped during the COVID-19 pandemic;
- Health data security and privacy regulatory issues falling outside of HIPAA;
- The status of HHS enforcement of the 21st Century Cures Act health IT provisions, including regulations that prohibit the blocking of patient information sharing;
- Top privacy and security priorities and projects at ONC for the remainder of this year.
Before being named HHS' national coordinator for health IT in 2017, Rucker was a professor at Ohio State University and chief medical officer of Premise Health, a worksite clinic provider. Rucker started his informatics career at Datamedic Corp. and later served as chief medical officer at Siemens Healthcare USA. He has also practiced emergency medicine at Kaiser in California, Beth Israel Deaconess Medical Center in Boston, the University of Pennsylvania's Penn Presbyterian and Pennsylvania Hospitals and at Ohio State University's Wexner Medical Center.