The President’s Council of Advisors on Science and Technology recently released a report entitled, “Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward.”  It is a wonkish discourse on the future of health information technology. 

The report offers an interesting glimpse at what may be the next, next generation of health privacy: automated access controls (by patients and providers) over individual elements of a health record.  See page 41 for a description of the metadata-tagging technology that would enable this, and pages 51-52 for examples of how it would work in practice.

In this case, new technology may provide simpler ways to comply with the existing regulatory scheme.  Consider, for example, the task of drafting and interpreting patient authorizations and the related conundrum of competing authorizations.  Entities holding records often insist on having their own forms signed by patients, even if those seeking records have their own forms signed by patients.  In a metadata-tagged health IT environment, a protocol for authorization elements could be incorporated into data exchange, and the data to which the authorization refers would be much clearer.

Those involved in the use of data for non-treatment purposes, e.g. research, should be at the table in ironing out those protocols and procedures, at least if the framework is going to be enable compliance with the regulatory scheme and the research mission as opposed to frustrate it.