WASHINGTON -- Bring up the subject of digitizing medical records and you're likely to get a paradox of a discussion. Everyone thinks it will help save money and improve health care, and everyone has grave reservations.

Get ready to hear more as a massive economic stimulus bill works its way through Congress, which includes IT health care spending measures. Although lawmakers are close to pulling the trigger, ensuring the privacy of patients' electronic health records (EHR) remains a top concern.

"I very firmly believe that the Achilles heel of health IT is privacy," said Sen. Jim Whitehouse, a Rhode Island Democrat who chaired a hearing this morning examining the appropriate safeguards government should insist on before it doles out billions of dollars to help providers computerize patients' records.

Champions of health IT argue that EHRs and interoperable systems to integrate data among providers would drive down healthcare costs while greatly reducing medical errors. Just 17 percent of physicians currently have even basic EHRs. The Center for Disease Control has estimated that as many as 98,000 preventable deaths occur in U.S. hospitals each year, many of which could presumably been avoided with more accessible patient data.

"If 100,000 Americans were being killed by anything else, we'd be at war," Whitehouse said.

But for many doctors and institutional providers, the cost of implementing sophisticated IT systems can be prohibitive. To move past that roadblock, both the House and Senate stimulus bills would allocate substantial funding for health IT systems -- and hopefully create jobs building and maintaining those systems in the process. The House bill contains $20 billion in government spending and tax credits; the Senate version would allocate $22.9 billion.

At this morning's hearing, members of the Senate Judiciary Committee heard testimony from witnesses representing private industry, government, the medical community and the public-interest sector. Almost in chorus, they championed health IT, but warned that without adequate privacy safeguards, patients would opt out of electronic record-keeping and providers would be reluctant to share their data.

The testimony of James Hester, director of the Health Care Reform Commission in the Vermont State Legislature, was typical:

LATEST NEWS

Microsoft's Reliability Update Triggers Crashes
Microsoft Denies Windows 7 Tied to Battery Issues
Google Wants Chinese Look-Alike to Knock It Off
Pip.io: Not Just Another Social Network?
Google Plans to Twitterize Gmail?

"Unless consumers are confident that their information is secure and will be used appropriately, they will not participate in electronic information exchanges. Unless providers believe that the administrative burdens are reasonable and the information is reliable, they will not participate in such exchanges either."

Some of the immediate beneficiaries of an infusion of government money toward health IT would be the tech firms that have already brought products to market. Like its rival Google (NASDAQ: GOOG), Microsoft (NASDAQ: MSFT) has rolled out a personal healthcare portal, and with it offered emphatic assurances that privacy is a paramount concern.

Michael Stokes, Microsoft's lead program manager for its HealthVault product, echoed the testimony of the other witnesses that privacy safeguards were key to getting patients and providers on board. But while some called for a cautious approach to allow the government to develop a uniform privacy framework, Stokes urged against any delay.

"I don't think we can wait one year or even one month or one day," he said. "We hope there will be restrictions and legislation in a month to provide more universal support. We hope there will be standards and certifications in a year to provide even better support. But we cannot wait."

In arguing for a fluid and adaptable privacy framework, Stokes reprised the testimony of Peter Neupert, Microsoft's corporate vice president, who appeared before the Senate Health Committee last week.

They warned that a rigorous and inflexible standards program would threaten to choke off innovation in the fast-evolving field of health IT.

Stokes said today that he supports the House bill essentially as it is written, but would like to see clarifications in the language detailing the legal responsibilities of non-medical providers, such as Microsoft.

The other witnesses expressed general support for the bill, but carped at some of the specific provisions.

For instance, one of the privacy safeguards built into the bill requires patient consent before their information is distributed electronically. That might not be controversial on its face, but David Merritt, project director at the Center for Health Transformation, warned that the bill goes too far in allowing patients to block the use of their information for medical research after it has been irreversibly anonymized, or "de-identified." That clause would almost certainly undermine the integrity of research by skewing the sample group, he said.

Then others, while reaffirming their general commitment to health IT, said that the bill's privacy protections are too vague. They asked the senators to add details laying out a tiered system for who could access what sort of information to fit into a more comprehensive privacy framework -- just the sort of delay Microsoft's Stokes spoke against.

But given the urgency of the stimulus package, those concerns might have to wait for another day.