The adoption of electronic health records and a health information exchange (HIE) in the U.S. healthcare system, and the improvements in quality and cost that will result, has caused quite a stir across the country. Even amidst all of the excitement and optimism, many people are concerned about potential negative consequences, and much of the controversy centers around the interplay between individuals’ privacy rights and the effectiveness of these new technologies.
The Illinois Office of Health Information Technology was created in 2010 by executive order to coordinate and direct Illinois HIT and HIE initiatives. The OHIT and the Illinois Health Information Exchange Authority are working together to create the Illinois HIE (ILHIE). To ensure that patient privacy rights are adequately protected, OHIT created an ILHIE Legal Task Force to identify and address Illinois laws raising complex challenges to the exchange of health information.
While the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule lays out federal requirements governing the disclosure of a patient’s protected health information (PHI), this law sets a floor. States are free to enact more strict privacy regulations, and Illinois has done so in a number of areas. The Legal Task Force has created ten workgroups, each assigned a specific disclosure issue which the group will investigate and then recommend improvements to the Illinois disclosure laws in that area. These workgroups include PHI pertaining to behavioral health, substance abuse, HIV/AIDS status, and genetic testing.
While the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule lays out federal requirements governing the disclosure of a patient’s protected health information (PHI), this law sets a floor. States are free to enact more strict privacy regulations, and Illinois has done so in a number of areas. The Legal Task Force has created ten workgroups, each assigned a specific disclosure issue which the group will investigate and then recommend improvements to the Illinois disclosure laws in that area. These workgroups include PHI pertaining to behavioral health, substance abuse, HIV/AIDS status, and genetic testing.
In addition to the legal barriers, OHIT is currently investigating key policy questions impacting the information put in the ILHIE and access to information.
The first concern is whether patients should be granted a choice as to whether his/her information will be included in the ILHIE for use by health care professionals and others, and the extent of the effect given to this choice. Next, if patients are given this choice, the question becomes whether all patients should be given the chance to affirmatively decline or consent to the inclusion of their PHI in the ILHIE. If a patient decides he/she does not want to use the HIE, the permissibility and/or extent to which the patient’s data can be collected by the ILHIE for limited mandatory reporting (such as public health reporting) must also be addressed.
The first concern is whether patients should be granted a choice as to whether his/her information will be included in the ILHIE for use by health care professionals and others, and the extent of the effect given to this choice. Next, if patients are given this choice, the question becomes whether all patients should be given the chance to affirmatively decline or consent to the inclusion of their PHI in the ILHIE. If a patient decides he/she does not want to use the HIE, the permissibility and/or extent to which the patient’s data can be collected by the ILHIE for limited mandatory reporting (such as public health reporting) must also be addressed.
Another issue arises when a patient may desire that only specific aspects of his or her medical record are not exchanged, or that specific providers can be denied access to the information, and whether this request can be accommodated or whether the patient’s entire record must then be excluded from the ILHIE. Finally, if patients are given the choice as to whether or not to participate in the HIE, it must be determined what requirements, if any, should be placed on health care providers to inform the patient of the HIE and answer any questions, thereby ensuring the patient’s choice is truly meaningful.
Aside from the questions surrounding whether to include information in the HIE, barriers arise with respect to linking up the information within the HIE to the specific patient seeking health care. One question being addressed is whether the ILHIE should use a unique patient identifier to enable patient records to be accumulated and matched to the patient with accuracy. This is an important issue: problems can arise when other identifying information (such as name, birthday, gender, zip code, and/or all or part of the social security number) is used for this purpose, because patients having data in common, the entering of data in different formats at different facilities, and data entry errors can all prevent accurate record matching. If a unique patient identifier is not created for the ILHIE, the question then becomes whether regulations should be imposed upon providers to ensure a certain degree of patient matching accuracy is achieved with the use of their EHR system with the HIE.
The final policy question being addressed by OHIT concerns whether Illinois should enact its own laws and regulations governing patient rights with respect to their EHR, to supplement the rights already given to patients through federal law such as those giving patients the right to access their own medical records and request corrections.
For more information on the HIE or your information privacy and security, please visit the education page of the ILHIE or the Office of the National Coordinator.
Amanda Swanson, J.D., LL.M.
No comments:
Post a Comment