It seems fitting that this week's 2013 Consumer Health IT Summit, designed to "equip and empower patients to better manage their health in the digital age," is being held on the eve of HIPAA's Sept. 23, 2013, compliance deadline, which ushers in increased privacy and security requirements.
I fear, though, that patients may be receiving mixed messages.
The federal government--eager to increase patients' engagement in their own healthcare, as well as to help providers meet the patient engagement requirements of Stage 2 of Meaningful Use--is exhorting patients to "trust" health information exchanges (HIEs), stressing how HIE governance places a high value on privacy and security of patient information, reminding providers about the privacy and security requirements of the incentive program, and launching a site to help providers engage patients in the electronic sharing of their information.
But simply telling patients to trust that their electronic data will be well taken care of doesn't mean it's true.
And patients, understandably, are wary. A recent study in the Journal of the American Informatics Association reports that nearly one in eight patients has withheld information from their healthcare providers due to security concerns. Moreover, most of the respondents were very concerned about the security of their information when it was being shared electronically or by fax. Just last week, advocacy organization Patient Privacy Rights sent a letter to the U.S. Department of Health & Human Services urging the agency to improve privacy protections of patients' electronic health records, particularly in the cloud and in HIEs.
Frankly, the more stringent HIPAA protections aren't going to help much if providers continue to be lax about privacy and security, and don't even police themselves; I've read about at least three instances in recent weeks where providers, who should know better, posted patient photos online.
It's all fine and dandy to impose harsher penalties and expand a patient's right to an accounting of disclosures, but it's rather like closing the barn door after the horses have escaped.
Moreover, why should patients trust providers, when it appears that providers don't trust patients, either? A survey published this week by Accenture reveals that while patients increasingly want access to their electronic health records, less than one-third of the doctors polled would provide them with full access. Why don't the doctors trust the patients? Are they afraid the patients won't understand the records and will ask more questions? Or that, once armed with their records, they'll become more involved in their care and treatment and possibly get in the way?
The whole point of patient engagement is to ... well, engage the patient. But that goes hand in hand with trust. Providers and patients need to trust each other--and each needs to be trustworthy.
The program will be flawed and potentially unworkable if these trust issues are not resolved. - Marla (@MarlaHirsch)