State debates privacy permissions for health data

Exactly who should be permitted to see a patient's medical record--besides the patient and his or her physician--has become the subject of heated debate in the Maine legislature this past week. A bill was introduced (L.D. 1337) placing parameters on patient privacy with regard to electronic health records (EHRs) and Maine's health information exchange (HIE).

Currently, about half of Maine residents already are included in Maine's statewide HIE, HealthInfoNet. The HIE was created in 2007-08 by hospitals and other medical providers as a way to share medical records.

However, a number of groups--including patient advocates, some medical providers, and the Maine Civil Liberties Union (MCLU)--have been arguing that many patients don't even know they're in the HIE in the first place.

The bill, sponsored by State Sen. Roger Katz (R), calls for protecting "a patient's right to control what happens to their highly personal medical information," reports Healthcare IT News. Under the proposed legislation, patients would obtain the ability to "opt-in to be in the exchange"--meaning their medical records could only be stored in the system with a patient's permission.

Under the current system in Maine, healthcare providers can send the records into the HIE--unless the patient specifically ops out.

While supporters of the bill say patients would be protected against records being improperly used or even hacked, exchange leaders have been arguing that the system could become useless if it has too few records. As for security, they said that the system already has multiple encryptions to promote protection.

Last summer, the Washington-based eHealth Initiative reported that of the 199 HIEs it surveyed, 36 said they agreed to the opt-in approach, while 81 (41 percent) reported having an opt-out policy in which patient data is automatically included--until a patient elects to withdraw it.

For more information:
- see the Healthcare IT News article
- check out the WLBZ2 piece