One of the greatest concerns in healthcare is patient privacy. Information is constantly being shared among providers across networks, but what’s being done to ensure that it’s secure?
Opt-In or Opt-Out?
In order to attest to stage 2 of meaningful use, physicians will need to electronically share patient information. It’s crucial that they be aware of privacy laws and patient consent rules to avoid liability issues. Under HIPAA, providers who are treating the same patient are able to exchange information with one another. However, in some states, patients may have to give further consent for information to be exchanged through Health Information Exchanges (HIEs). This is known as an “opt-in” choice and is now being implemented in many states; however, some are concerned that with opt-in, patients may not put in the effort to do so. Other states are applying “opt-out” policies, so that patients are able to opt out of exchanging their information online. As there’s no national standard enforced by the federal government, this brings up the matter of transferring information across different states.
The Office of the National Coordinator for Health IT (ONC) is promoting “meaningful consent”, encouraging patients to be well informed about their options and the significance of the decision they make. There are three main ideas behind this:
1. Patient Education:
Providers inform patients about what giving (or not giving) consent entails: which information is shared, who is given access to it, how it’s being protected, and what their options are.
There are three models of electronically documenting a patient’s decision:
- Consent bundled with information: The patient gives consent during treatment and their choice is passed on to other providers when information is requested.
- Metadata tagging: A code is added to information to “tag” it, thereby distinguishing consent choice.
- Centralized approach: Consent is managed by a database that allows access to information based on the patient’s choice.
3. Law & Policy:
Federal and state privacy laws requiring written consent must be considered before sharing information. HIPAA overrides those laws that don’t provide as much protection.
There are federal and state laws protecting records of sensitive information that patients may not want to share with certain providers, such as substance abuse, psychotherapy, etc. However, when using EHRs, separating information isn’t easily done because data is difficult to manipulate. Aside from the records that are categorized as sensitive; however, providers have the right to share what they deem necessary. Though patients can request privacy regarding parts of their information, the physician’s primary responsibility is to treat the patient and they’ll make the decision that will best enable them to do so.
Author: Apoorva Anupindi