What if the possibility that sensitive information could be disclosed in non-targeted queries kept patients from allowing any of their health information to be exchanged?
The ONC's Health IT Policy Committee has decided that scenario requires more study, reports HealthcareInfoSecurity. The committee in April approved recommendations from its Privacy and Security Tiger Team, including:
- A provider's targeted query for information from another provider when directly treating a patient
- Targeted queries between providers in states with privacy laws more stringent than HIPAA
However, a third scenario was presented at a meeting on Tuesday, in which a provider asks a health information exchange for all records on a patient when the providers are not known.
While patients might be more concerned about disclosure of treatment for substance abuse or a mental health issue, they might also want to restrict disclosure of other information.
Michigan Health Connect gives patients the ability to opt out, but it also explains in its privacy policy how that might leave clinicians without a complete picture and result in less-than-optimal care. Doug Dietzman, MHC executive director, told Health IT Security that technical standards and regulations are lacking for allowing patients to participate in an HIE, but with restrictions on some of their data.
"It can be very problematic if a patient places restrictions on items such as cholesterol," Dietzman said. "Or they say it's only OK for a certain set of providers to see their information. Technically administering that and ensuring it's met is extremely difficult. And if you're trying to solve a medical issue and you want to give the doctors all the context they need, then if there's a record in which the patient has taken out half of the data, those doctors are no longer going to trust what they're getting …"
Concerns about privacy and control over data also have been an issue with the Florida Health Information Exchange. Smaller practices in the Sunshine State have expressed worries about losing control of records, and have complained that their concerns have been ignored by large hospitals leading the effort.
The Washington, D.C.-based eHealth Initiative, responding to a request for information issued in March by the U.S. Department of Health & Human Services, listed "variances in privacy rules across states that inhibit exchange of information" among the urgent policy issues that must be worked out. It's overall theme, though, was that excessive federal regulation of HIEs would inhibit innovation and development.
To learn more:
- find the Healthcare Info Security article
- here's the Health IT Security piece