Presentation Transcript


    1. Interoperable Electronic Health Records, the American Reinvestment and Recovery Act, and Patient Privacy and Confidentiality
    Leslie Francis
    Distinguished Professor of Law & Philosophy
    Alfred C. Emery Professor of Law
    Adjunct Professor of Internal Medicine

    2. Goals
    - Outline the concerns for privacy and confidentiality associated with the likely increase in use of interoperable EHRs
    - Demonstrate the inadequacy of the current HIPAA regulatory regime
    - Explain several areas of current debate: de-identification, surveillance, research, and the protection of categories of “sensitive” health information

    3. Distinguishing Privacy and Confidentiality
    - Privacy: about access to, and control over, the person
    - Confidentiality: about control over information—how and on what authority it is shared
    - The difference matters
      - Having information in the system is important for many reasons (research, public health surveillance, treatment)
      - But information may not get into the health care system unless people trust control over where it goes
    - Depending on the context, we may need to protect confidentiality to protect privacy, or the converse
    - Current debates confuse privacy with confidentiality
    Points to mention—much of what is called “privacy” protection (e.g. HIPAA) is really about confidentiality. That’s important, because what we want to think about is where information goes (and who has power over that). Also mention: Mark Siegler and confidentiality as “decrepit”.

    4. Ethically: Privacy as Control of Access
    - Autonomy—controlling access to the person is important to the individual’s ability to make central choices about his/her life
    - Physical security—protection from bodily harm done by intrusion
    - Freedom from intrusion—into the body, the home, other protected space
    - The ability to form intimate relationships through controlling access
    - Dignity—not being subject to contact or intrusion regarded as degrading
    - Identity—protecting access as critical to individual or group identity
    - Equality—ease of access to some but not to others may affect social positions (e.g. equality of women)

    5. Ethically: Confidentiality as Information Control
    - Autonomy—control of choices about information
    - Physical security—harm that may result when information is shared: throwing lepers off the Molokai cliffs or stoning patients with HIV
    - Intimacy and identity—sharing information as a way of establishing intimacy
    - Equality—protection from discrimination: e.g. ADA, GINA (the Genetic Information Non-discrimination Act)

    6. Interoperable Electronic Records in Primary Care
    - Recent estimates (Health Affairs 2009) are that approximately one in eight physicians in the US today have even “rudimentary” electronic records systems
    - Barriers cited in the literature include start-up costs, productivity losses, lack of technical expertise, and questions about which system to choose
    - Clinical value of increased use of health IT is hypothesized but evidence is limited (e.g., Parente & McCullough, Health Affairs 2009); one recent study has linked EHR structural capacity in primary care practices to improved HEDIS measures (Friedberg et al., Annals of Internal Medicine 2009)

    7. ARRA
    - ARRA includes $17 billion for adoption and “meaningful use” of EHRs by Medicare and Medicaid providers (up to $44,000 each; that would cover about 386,000 of the estimated 940,000 physicians in the US today)
    - “Meaningful use” includes sharing information with other systems; functionalities include computerized order entry, transmissible prescriptions, drug interaction checking, and an updated problem list
    - Ultimate goals include patient registries, quality improvement, and public health promotion

    8. Confidentiality and Patient Trust
    - The most widely quoted estimate is that a significant percentage of patients (1/6) withhold information from physicians because of concerns about whether it will be protected (California HealthCare Foundation, National Consumer Health Privacy Survey 2005)
    - Almost 10% of patients chose not to “opt in” to the Massachusetts interoperable EHR demonstration project, many citing privacy concerns (Tripathi et al., Health Affairs 2009)
    - Harris poll on research using identifiable health information: 28% no consent or general consent in advance; 38% study-specific consent; 13% refuse to participate or be contacted; remainder unsure (2007, referenced in IOM 2009)
    - This behavior may increase as the use of interoperable EHRs increases (CDT 2009)
    - Patient trust is particularly jeopardized by unanticipated events, so it will be especially important to inform patients about interoperable records and confidentiality protection

    9. HIPAA Coverage—A Solution?
    - Mis-described as a “privacy” rule—it is a confidentiality rule
    - Applies to “covered entities”: health plans, health care clearinghouses, and health care providers who transmit health information in electronic form for which HHS has adopted standards—and their “business associates”
    - Covers “protected health information”: any individually identifiable health information possessed by covered entities
    - Does not cover: employment records, educational records, or de-identified data, even if health information is included in these records and they are otherwise possessed by a covered entity
    - And . . . there’s much more HIPAA doesn’t do

    10. HIPAA: what’s outside coverage?
    - Any entities that possess individually identifiable health information but are not covered entities or their business associates: spas, for example
    - Many PHR vendors: WebMD, Microsoft HealthVault, Google Health, except if under business associate agreements
    - Health 2.0: PatientsLikeMe, 23andMe
    - Any data transferred with patient authorization out to an unprotected site

    11. HIPAA Exceptions to Authorization
    - Health care operations—including business planning, insurance underwriting, quality assurance, and fraud and abuse detection
    - Law enforcement—including child abuse, abuse of a vulnerable adult, information about victims, and information that might implicate family members (e.g. DNA from Pap smear)
    - Public health—infectious disease surveillance, bioterrorism, any reportable condition
    - Employers—information needed to comply with an OSHA request, a Mine Safety and Health Administration request, or other required workplace-related law
    - FDA—adverse drug events, post-marketing surveillance information
    - Research—if an IRB has granted a waiver, or information is included in a “limited data set”
    - “Serious threat”—to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone believed able to prevent or lessen the threat (including the target of the threat)

    12. Problems with Interoperable EHRs
    - Deidentification?—and risks of reidentification
    - Surveillance and informed consent
    - Syndromic registries
    - Limits to research?
    - Transfer of sensitive health information?

    13. Deidentification
    - “Deidentified” data: created either by stripping out all of 19 listed types of identifying information (“safe harbor” rule), or by meeting expert standards regarding risk of reidentification
    - Vastly increases the possibilities for use of information—but data are not covered by HIPAA once deidentified
    - Concerns
      - Risk of re-identification when data sets are combined, especially with publicly available data sets: statistically unusual patterns, genetic information and growth of personalized medicine, PHRs, health blogs, Health 2.0
      - Data “miners” (marketers, for example) may try to reidentify deidentified data in the public domain
      - Harms from data uses even when identifiers are absent: important personal beliefs, community identity, group stigmatization; the 13% who would refuse to allow their data to be used in research
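As an added illustration (not part of the slides), the following Python applies three of the safe-harbor transformations to constructed sample records (dropping direct identifiers, reducing dates of birth to an age with ages over 89 collapsed, truncating ZIP codes to three digits) and then measures the "statistically unusual pattern" risk the slide raises: how many records share each remaining combination of age, ZIP prefix and sex. The field names and the records are assumptions made for the example.

```python
from collections import Counter

# Constructed sample records; no real patients. Field names are assumed.
RECORDS = [
    {"name": "A. Example", "mrn": "000123", "dob": "1950-04-12", "zip": "10451", "sex": "F", "dx": "E11"},
    {"name": "B. Example", "mrn": "000124", "dob": "1950-09-30", "zip": "10452", "sex": "F", "dx": "E11"},
    {"name": "C. Example", "mrn": "000125", "dob": "1921-01-05", "zip": "10453", "sex": "M", "dx": "E11"},
    {"name": "D. Example", "mrn": "000126", "dob": "1950-02-20", "zip": "10454", "sex": "F", "dx": "E11"},
]

# Direct identifiers are dropped outright. Under the safe-harbor rule dates
# are reduced to the year (ages over 89 aggregated) and ZIP codes to their
# first three digits; both are kept here as quasi-identifiers.
DIRECT_IDENTIFIERS = {"name", "mrn"}


def deidentify(rec, year=2009):
    """Return a safe-harbor-style copy of one record (reference year assumed)."""
    out = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
    age = year - int(rec["dob"][:4])
    out["age"] = "90+" if age > 89 else str(age)  # single bucket above 89
    del out["dob"]
    out["zip"] = rec["zip"][:3]
    return out


def quasi_key(rec):
    """The attributes that survive de-identification and can still be linked."""
    return (rec["age"], rec["zip"], rec["sex"])


def reidentification_risk(deid):
    """k per record: how many records share its quasi-identifier combination.
    k == 1 means the record is unique on these attributes, so a single
    public data set with the same attributes would single it out."""
    counts = Counter(quasi_key(r) for r in deid)
    return [counts[quasi_key(r)] for r in deid]


def unique_records(deid):
    """Records that remain unique (k == 1) after de-identification."""
    return [r for r, k in zip(deid, reidentification_risk(deid)) if k == 1]


if __name__ == "__main__":
    deid = [deidentify(r) for r in RECORDS]
    print(reidentification_risk(deid))  # three records share a pattern; one is unique
    print(unique_records(deid))
```

The stripped fields satisfy the letter of the rule, yet the 88-year-old male in the sample is still unique on age, ZIP prefix and sex, which is the kind of residual risk the "expert standards" route is meant to assess.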

    14. Surveillance
    - “Syndromic surveillance”—data are monitored for unusual patterns that may represent disease activity or terrorist activity
    - Novel types of data used—Google hits predicting a flu outbreak
    - Significance of a particular data point becomes apparent only after the pattern is discerned, so there is no way to engage in patient informed consent ex ante; compare traditional public health reporting, where the significance of a finding can be explained in advance (Source: Francis et al., Journal of Bioethical Inquiry 2009)
    - Risks of stigmatization, job loss, even physical threat, e.g. to an index patient or to someone who has been identified as a danger

    15. Disease Reporting: New York’s A1C Registry
    - Reporting of all A1C results by lab to registry (no opt out)
    - Results reported only to patients and providers (not insurance companies or employers)
    - Patients may opt out of reporting (but not of the registry)
    - Preliminary results: 17% of patients say receiving the letters prompted them to make appointments; 50% remembered receiving the letter
    - Justice concerns: pilot in South Bronx neighborhoods, stigmatization and racialization (Source: Chamany et al., Milbank Quarterly 2009)

    16. Research
    - Concern that the HIPAA “privacy” rule is impeding health research—both too protective and too weak
    - HIPAA and disclosure of PHI for research:
      - By patient authorization: requires “a description of each purpose of the requested use or disclosure”; authorization that is “specific and meaningful”—very difficult to apply to stored specimens, biobanks, patient registries, where new research questions are proposed
      - By waiver of authorization—if no more than minimal risk, adequate safeguards, research not “practicable” without the waiver or without access to the PHI
    - No clear standards for minimal risk to confidentiality or for impracticability

    17. IOM Recommendations (2009)
    - New, uniform privacy, confidentiality & security standards for all health research
    - With these standards, exempt research from HIPAA
    - Distinction between information-only research and direct, interventional research
    - With informational research, certify institutions with protective policies and practices to facilitate use of large data sets for research without individual consent

    18. Sensitive Information
    - Some patients regard particular categories of health information as especially sensitive, and would not want it shared with all providers as information is transferred across a RHIO or an NHIN
    - Examples: genetic information, social history, reproductive history (e.g. abortion), substance abuse, mental health history
    - Providers are concerned that incomplete records may lead to inadequate clinical care and do not want to make medical judgments without seeing the full interoperable record (but what do they see now, with siloed records?)
    - Privacy/confidentiality advocates are concerned that if interoperable design fails to implement protections, patients will opt out of RHIO/NHIN (if given that choice), or will protect confidentiality by not accessing the health care system

    19. NCVHS Proposal
    - EHR design should build in the capacity to segregate pre-designated categories of sensitive health information, which could be masked on transfer at patient request
    - Flag to indicate that masking has occurred
    - “Break the glass” feature for emergencies
    - Drug interaction alerts maintained
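To make the four NCVHS design points concrete, here is an added Python sketch (example code, not from the slides or from NCVHS) of a transfer routine for one constructed patient record: sensitive categories the patient pre-designated are removed, a flag lists what was masked, the medication list is never masked so a downstream interaction check still works, and an emergency break-the-glass path sends everything but writes an audit entry. Record fields, category names and the interaction table are assumptions for the example.

```python
import copy
from datetime import datetime, timezone

# Constructed sample record; category names follow the slide 18 examples.
RECORD = {
    "patient_id": "demo-001",
    "medications": ["metformin", "sertraline"],
    "problem_list": ["type 2 diabetes"],
    "mental_health": ["major depressive disorder"],
    "substance_abuse": [],
    "genetic": ["BRCA1 variant noted"],
}

# Pre-designated sensitive categories each patient asked to mask on transfer.
MASK_REQUEST = {"demo-001": {"mental_health", "genetic"}}

AUDIT_LOG = []  # break-the-glass events, retained for later review


def prepare_transfer(record, break_glass=False, user=None, reason=None):
    """Build the copy of `record` that leaves this system.

    Masked categories are dropped and replaced by a `masked_categories` flag so
    the receiving provider knows the record is incomplete. `medications` is
    exempt from masking because drug interaction alerts depend on it. With
    break_glass=True the full record is sent and the access is logged.
    """
    out = copy.deepcopy(record)
    requested = MASK_REQUEST.get(record["patient_id"], set()) - {"medications"}
    if break_glass:
        if not (user and reason):
            raise ValueError("break-the-glass requires a user and a reason")
        AUDIT_LOG.append({"patient": record["patient_id"], "user": user,
                          "reason": reason, "unmasked": sorted(requested),
                          "time": datetime.now(timezone.utc).isoformat()})
        out["masked_categories"], out["break_glass"] = [], True
        return out
    for cat in requested:
        out.pop(cat, None)
    out["masked_categories"], out["break_glass"] = sorted(requested), False
    return out


def interaction_alerts(transfer, interactions):
    """Downstream check that must still work on a masked record.
    `interactions` is a list of drug pairs (constructed, not clinical data)."""
    meds = set(transfer["medications"])
    return [pair for pair in interactions if set(pair) <= meds]
```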

    20. MAeHC—Opt in/out; preset categories
    - “Opt-in” not “opt-out”
    - Preset categories of information: medication list, problem list, diagnoses, immunization, allergies, smoking status, vital signs, procedures, lab results, radiology results
    - Not: text notes, consult letters, scanned reports
    - An approximately 90% opt-in rate among patients—but 10% of patients chose not to participate, many citing privacy concerns (Source: Tripathi et al., Health Affairs 2009)

    21. Conclusions
    - The use of interoperable electronic health records in primary care will continue to grow
    - Patient confidentiality concerns are significant and inadequately protected by HIPAA
    - If patients are to trust providers’ use of EHRs, it will be important to avoid “surprises” about their health information

    22. Areas of particular concern
    - Entities outside of HIPAA and data transfers to them (even at patient request)
    - Deidentification and “data mining”
    - Syndromic surveillance and disease reporting
    - Research: biobanking and personalized medicine
    - Protection of categories of sensitive information, even as records are transmitted among providers
