It was probably a burden that HHS Secretary Mike Leavitt could bear to have Pete Stark casting aspersions on Leavitt’s plan to privatize the American Health Information Community (AHIC). It’s going to be tougher, though, for Secretary Leavitt to buck a bipartisan Senate bill that would put AHIC under Congress’s wing and forestall privatization.

The Senate IT bill was introduced on June 21 in the Health, Education, Labor, and Pensions committee with chairman Ted Kennedy and ranking member Mike Enzi as cosponsors, along with Hillary Clinton and Orrin Hatch. The bill codifies the responsibilities of the national coordinator for health IT, originally created by an executive order, as well as the membership and duties of AHIC, and it creates an additional panel charged with overseeing further development of health IT standards and certification procedures currently under the purview of AHIC, which was chartered by Secretary Leavitt in 2005 and which he currently chairs.

A catalog of all the agencies, committees, and initiatives that have applied themselves to the challenge of promoting interoperability standards for health IT would rival L.L. Bean’s. But AHIC and the standards and certification panels it coordinates with have made progress. Certification standards for ambulatory electronic health records (EHRs) have been approved and are in use by many commercial vendors. Inpatient EHR certification is on the way. Mark Leavitt, chair of the Certification Commission for Healthcare Information Technology (CCHIT), reported at AHIC’s March 23 meeting that

57 products have been certified. That’s over 25 percent of the total number of vendors we believe are in this space. And if you adjust for the market shares of the vendors, I would estimate that certified vendors represent over 75 percent of the marketplace. In this quarter, we’re in the midst of testing, but we’ve received 35 applications, which was the highest number ever; and if our percentages hold up, we’ll probably have over 80 products certified.

More recently, though, AHIC’s agenda has focused on Secretary Leavitt’s privatization plan. On June 12, during an extensive discussion of the plan, he explained that

I started off with the assumption that we wanted to get this out of government so it wasn’t dependent upon the future Secretary or the — some other person in government taking it seriously, as I hope this administration has, that it can become — it can gather energy from the industry itself, and from the healthcare family itself, and be self-perpetuating.

The Privacy Problematic

Whether or not Secretary Leavitt’s plan gets derailed by the Kennedy-Enzi “Wired for Health Care Quality Act,” divisions within “the healthcare family” over privacy protections for health IT continue to simmer. The former chair of AHIC’s privacy and security workgroup resigned in February over a lack of progress in strengthening privacy policies. A consumer representative on the Healthcare Information Technology Standards Panel cited similar concerns when she resigned her position in March. The Government Accountability Office says HHS lacks a comprehensive health IT privacy policy.

Several members of AHIC’s consumer empowerment workgroup registered a rare dissent at the March meeting cited above on the group’s recommendation to go forward with the effort to certify standards for personal health record (PHR) products, on the grounds that “there is, across the industry, across healthcare, across the consumer sector, not yet enough experience or understanding to achieve a unified recommendation regarding how to proceed,” as the Markle Foundation’s David Lansky put it.

Bipartisan support for health IT is deep and genuine. Disagreements make advocates on both sides of the privacy and privatization questions nervous. An outbreak of heated controversy could chill public confidence and stir up a privacy backlash. Ideological fault lines can be seen in the privatization discussion, but a coordinating council like AHIC ought to be able to function regardless of the logo on its letterhead — especially if it is meant to function on a consensus basis.

The shadow of the Health Insurance Portability and Accountability Act (HIPAA) looms large over both the privacy and standardization issues. HIPAA’s privacy protections don’t extend to PHRs or nascent regional health information organizations (RHIOs); and HIPAA’s “administrative simplification” provisions have been dismally ineffective. The Kennedy-Enzi bill is discreetly silent on HIPAA reform. Meanwhile, though, private-sector leadership on privacy and standardization policy is problematic based on first-mover issues and historical experience.

For better or worse, health IT policy may represent a test bed for system reform. With so much agreement about goals, the parties at interest ought to be able to work things out. If they can’t, what chance do we have on the larger issues?