Give Patients EHR Control, Says Civil Liberties Union - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Patient Tools
News
3/8/2012
09:29 AM
50%
50%

Give Patients EHR Control, Says Civil Liberties Union

A New York Civil Liberties Union report urges New York State health officials to provide patients with greater control over their health records.

Health Data Security: Tips And Tools
Health Data Security: Tips And Tools
(click image for larger view and for slideshow)
A report from the New York Civil Liberties Union (NYCLU) says there are significant flaws in New York State's current privacy and security policies and procedures governing computer networks that share electronic medical records. Those flaws limit a patient's ability to control the dissemination of their health records.

The new report – Protecting Patient Privacy: Strategies for Regulating Electronic Health Records Exchange – is a 34-page document that acknowledges the benefits of sharing patients' health records electronically, but also laments the current policies and procedures in New York State that allow providers to upload patient records without a patient's consent.

Furthermore, the report said New York State, which has already invested more than $840 million in developing electronic information sharing networks for medical records, is building a health information exchange infrastructure that represents an all-or-nothing approach for providers to access medical records. The problem here, the report says, is doctors who obtain a patient's medical records can see that patient's entire medical history, including information they may not need for the specific condition they are treating.

[ Learn about how one hospital is using biometric technology to beef up the security of patient records. See Biometrics Shore up Patient Data Security. ]

"New York State has erred on the side of providers and not on the side of patient privacy," Corinne Carey, NYCLU's assistant legislative director, told InformationWeek Healthcare. "What I think is problematic is that patients are not able to control which kinds of providers access which kinds of data. For example, a podiatrist does not need to see the details of a sexually transmitted disease that occurred 10 years ago or a substance abuse disorder that the patient dealt with 15 years ago."

The report focuses on patients who may have a heightened concern regarding the privacy of their information, such as those with a history of substance abuse, patients who have been raped, and patients who have had an abortion. These patients deserve to have an electronic health data exchange system that can sort and segregate information by data type (blood test, diagnosis, or procedure), by provider (gynecologist, psychologist, internist), or by time (a procedure that occurred five years ago).

"Allowing patients to retain a measure of control over their medical records will increase confidence in the system's ability to safeguard confidentiality," the report states.

The NYCLU also urged New York State health officials to revisit policy choices that empower patients to control the dissemination of their medical records, but not before giving a few recommendations of their own.

Among the NYCLU's recommendations:

-- Require the electronic systems employed by HIEs to have the capability to sort and segregate medical information in order to comply with guaranteed privacy protections of New York and federal law. Presently, they do not.

-- Offer patients the right to opt out of the systems altogether. The state should revisit its decision to upload patient information to the system without patient consent. Barring that, the state must adopt a policy that would allow patients to affirmatively opt out of the system so that their medical information is not included in the network.

-- Prohibit health information exchanges from selling data. The New York State Legislature should pass legislation prohibiting HIEs from selling patients' private health information.

-- Carefully regulate the use of commercially available personal health records (PHRs). A number of commercial vendors, such as Microsoft HealthVault, currently offer patients the ability to collect, store, and manage their own medical information online. Under existing law, it is unclear to what extent these commercial entities are bound by Health Insurance Portability and Accountability (HIPAA) Act or New York State confidentiality laws. State law should extend confidentiality obligations and protections to private entities that offer PHRs.

In response to the report, Peter Constantakes, spokesman for the New York State Department of Health, said the department "believes that our current policies comply fully with federal and state laws and that patient information is well protected under the current set of policies, but we are always looking for ways to improve the system."

Constantakes also told InformationWeek Healthcare that New York has an annual review process of the policies and procedures that guide the state's patient data privacy and security rules.

"A new policy committee will be reviewing comments submitted as part of the annual review process last year and making recommendations on changes to the current version of the privacy and security policies and procedures. All comments will be discussed, including comments submitted by the NYCLU," Constantakes said.

Healthcare providers must collect all sorts of performance data to meet emerging standards. The new Pay For Performance issue of InformationWeek Healthcare delves into the huge task ahead. Also in this issue: Why personal health records have flopped. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tlocks
50%
50%
tlocks,
User Rank: Apprentice
3/22/2012 | 2:54:08 PM
re: Give Patients EHR Control, Says Civil Liberties Union
The patient should not have only rights they should be able to consolidate and manage their own records and make them available to their providers.
It should not be the reverse. The records belong to the patient.
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
How to Assess Digital Transformation Efforts
Lisa Morgan, Freelance Writer,  5/14/2019
Commentary
Is AutoML the Answer to the Data Science Skills Shortage?
Guest Commentary, Guest Commentary,  5/10/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll