The New York Times ran an interesting article earlier this week contrasting American and European personal data protection practices. In Europe, the right to privacy is considered fundamental, and accordingly most European countries have passed extensive privacy laws and established governmental agencies to specifically deal with data protection. The United States government tends to treat privacy as an afterthought, enacting laws as a form of damage control. Americans tend to treat privacy as a consumer issue, placing their trust in business more often than they do the government. This has been a key factor in the growth of commercial databases such as ChoicePoint.

Those wishing to get a more in-depth look at international privacy laws and attitudes should take a look at EPIC and Privacy International’s joint 2003 Privacy and Human Rights report. Over fifty-five countries are included in the report, which also attempts to document the privacy-related responses to the September 11 terrorist attacks.

President Bush called for the adoption of electronic health records in his 2004 State of the Union and extolled their benefits, saying that “by computerizing health records, we can avoid dangerous medical mistakes, reduce costs, and improve care.” In 2005’s State of the Union, he reiterated his desire to seek “improved information technology to prevent medical error and needless costs.”

Recently, a Congress health subcommittee has been reviewing the efforts to deploy electronic medical records (EMRs) and has found progress to be “disappointingly slow” (according to Rep. Johnson, R-Conn.). The hearing (detailed in this CNET article) reviewed the pros and cons of moving towards paperless systems and included testimony from several health and privacy experts. Particular concern was noted for HIPAA’s lack of coverage of non-insurance health transactions; this means that medical records used in these transactions are not governed by the strict security and privacy requirements. It was noted that the lack of a uniform federal privacy standard may also make the deployment of an EMR system much more complicated.