The challenges of allowing for exchange of patient data while ensuring proper consent for information sharing from patients was the bulk of discussion during a meeting of privacy and security advisers to the Office of the National Coordinator Monday afternoon.
The Health IT Policy Committee's privacy and security workgroup addressed sections G and H of ONC's interoperability roadmap, which focus on an individual's permission to share their electronic health information, including with whom and for what purpose, as well as patient authorization of data.
ONC Chief Privacy Officer Lucia Savage (pictured) said during the discussion that the agency is working to bring standards to the situation where individuals are offered the choice of having their data exchanged or not.
ONC wants to get to a place where those standards help educate patients on what the choices they make mean, as well as educate physicians on how those choices will impact the data they receive and disclose, Savage said.
Patients are becoming more willing to share their health information publicly, but there is one caveat: It has to be for a good reason. The purpose for which their information would be used was even more important to the more than 3,000 respondents of a recent study, published in the Annals of Internal Medicine, than being asked their consent for the information.
Another conversation that needs to happen, Office for Civil Rights senior advisor Linda Sanches said at the meeting, is around necessity for disclosures for treatment.
"I think we can do a better job of explaining what is already permitted under the rules," she said.
As for authorization of information, Savage said that at the end of the day, ONC is looking for consistency so users of the system, no matter where they are, are receiving the info they are authorized to receive and disclosing the information they are authorized to disclose.
In addition, ONC also is working on distinguishing authorization and role-based access, with role-based access being driven by the public health information needs of a professional's role, Savage said.
"Not everyone has a need to see public health information," she said. "We do need to ensure that standards account for role-based access ... and that becomes, in practice, the norm."
The agency also has to figure out how to allow individuals to keep track of who is accessing their records, whether it's enabling individuals to better keep track of authorizations they've given or who's taken advantage of an authorization in place.
"We have that all in theory but we haven't figured out how to operationalize it and implement it nation-wide," Savage said.
To learn more:
- check out the meeting materials