Last month marked a milestone in enhancing the protection of reproductive health information. Yet, this plan is only partially complete. Success now depends on the active involvement and collaboration of healthcare providers, patients and the health tech community.
I’ve been privileged to have an active role in and front seat to health data policy development and the maturation of healthcare technology for the last two decades. What it’s shown me is that without a concerted effort to build trust, allocate resources and engage in collaborative efforts to safeguard data, both patients and providers will fall short of reaping the benefits of data sharing and fail to shield themselves from unwarranted or unlawful data breaches. And, when it comes to sharing reproductive health information, the stakes are much higher: A potential breach of information could be life-threatening.
While the Biden administration modified HIPAA to prohibit disclosure of patient health information (PHI) to protect access to reproductive health care, this measure is only as good as the technology that healthcare providers and patients rely upon. This dual perspective—concern and opportunity—should grab the attention of both the healthcare and technology communities. Here are three ways leaders have the opportunity to ensure key federal policy measures like the HIPAA Final Rule can be meaningfully enforced.
Trust through transparency and accountability
Unfortunately, we don’t have to go far to identify recent examples of what isn’t working in PHI security. Just see the impact of the Change Healthcare breach or the fractured relationship between Epic and Particle Health. The lessons drawn from these incidents underscore the importance of accountability whenever PHI is in play.
When organizations share how processes and decisions are aligned in a transparent manner, it makes it possible for partners and providers to reciprocate. And this trust and transparency does not need to be one-to-one. Governance and enforcement are also key tenants. Providers in California are implementing the state’s Data Exchange Framework, which mandates certain entities to share information. Through this framework, entities are able to design use cases and workflows critical to defining how policies will affect patient information flows and data sharing, including those related to reproductive health. When entities are willing to hold up and share their work for others to follow—and are supported through formal governance and oversight—it helps keep patient information sharing both purposeful and protected.
Consent
I predict that e-consent will be one of the most important battlegrounds for appropriately sharing reproductive health information. While e-consent (consent gained through a digital system instead of a paper consent form) is not new, it represents a key part of the equation for who can and should gain access to reproductive information. This includes enabling patients to be active participants in who is able to see their information.
Based on my experience, the key components to successfully manage consent services include the importance of informed consent in facilitating data sharing, thereby enhancing service delivery and improving health outcomes, expediting the adoption of federal legal interpretations of consent to share, advancing technology and policy for consent management, developing standardized consent forms and establishing consent management programs in collaboration with multiple state agencies.
Embracing data sharing infrastructure
Ironically, one of the best ways to prevent unauthorized data access is to improve ways to share data. A stronger data sharing infrastructure, adopted nationally through TEFCA or locally, such as through California’s Data Exchange Framework, delivers strong tools, processes and guidelines. Data advancement is a team sport, and the more people that participate, the more likely everyone will benefit from a unified structure, harmonized regulations and evolving guidelines that focus data sharing on improving patient outcomes and allowing for protections as needed.
HIPAA is powerful, but it doesn’t provide the ability for providers and other responsible parties to execute upon its guidelines. While healthcare policy continues to evolve at every level of government, we need to spend the same amount of time and effort in investing in technology innovation, health data sharing policy, consent standards and coordinating efforts between health information exchanges and organizations across the country. Womens’ lives depend on it.
Timi Leslie is president of consulting firm BluePath Health and has over 30 years of experience in the healthcare industry, advising organizations on business strategy, technology innovation, partner relations, product management and system implementation. She also leads Connecting for Better Health, a coalition that strives to improve data sharing infrastructure with a goal of transforming health and social outcomes.