Over on the WSJ Health blog there is a quick posting on how Microsoft joined with some 40 plus organizations including the ACLU, AIDS Action, and Gun Owners of America, to name a few in lobbying Congress, via letter, to update the nation’s privacy laws.

Just as important as who is on the list are those who are not. Microsoft is the only leading software company, there are no insurance companies, no major hospitals, no major employers (e.g., Dossia’s sponsors), no AMA (though there is the American Chiropractors Association, American Association of Psychiatrists and American Psychoanalytic Association). Why these others not signing on to such a petition strikes me as a bit odd.

This is an important issue though that needs national (i.e., Congressional) action.

While attending the AHRQ event last month, I sat in on a session that focused on security and privacy, their current state across the country and potential impact to Regional Health Information Organizations (RHIO) or Health Information Exchanges (HIE). RTI International presented the results of their recent research on privacy and security policies and laws across the US. They found a very convoluted system with little if any consistency nationwide.

RTI’s research included a survey of nearly 4000 respondents in 38 states. They found broad variation of opinions on what actually constitutes privacy and the means by which they insure such for the patient. In some states with little if any privacy laws, HIPAA is the the ceiling. In other states, HIPAA is the floor and these states have passed laws that go well beyond HIPAA to protect a patient’s privacy. To only makes matters worse, what they also found is that in many states, privacy laws are scattered across any number of statutes that have been passed over the years making it extremely difficult for providers to know what they may be liable for, thus further hindering any form of consistent approach to patient privacy.

Yes, it is time for Congress to go back to the drawing boards and develop a clear and consistent set of statutes and policies for the nation to insure patient privacy. Until that is done, all this talk about an NHIN (National Health Information Network) is wasted breath.