The Privacy & Security Tiger Team of the federally chartered Health IT Policy Committee has issued a series of recommendations that call on providers and other users of patients' personal healthcare information to be more transparent about who gets to see that information and for what purpose.
The
Health IT Policy Committee meets Wednesday at 9 a.m. ET.
Under HHS rules amended in 2002 pursuant to the Health Insurance Portability and Accountability Act of 1996, patients have little control over the disclosure of their medical records because hospitals, physicians and other so-called covered entities defined under HIPAA can disclose patient information without patient consent for treatment, payment or other healthcare operations.
A list of four "core values" about the exchange of patient information posted on the
Office of the National Coordinator for Health Information Technology's website in advance of Wednesday's meeting updates a three-item list issued in August.
The tiger team previously asserted that:
- Patients should not be surprised to learn what happens to their health information.
- The provider-patient relationship is the foundation for trust in health information exchange.
- Providers are responsible for ensuring the privacy and security of patient information but may delegate functions to business associates if done in a trustworthy manner.
The group's new fourth value is:
- Transparency about information exchange practices is a necessary component of establishing credibility with patients. In achieving greater openness and transparency for patients, we need to balance the need to give patients complete information on how their information is shared while at the same time providing information in a form that is manageable for patients to read and understand.
For example, the tiger team included in its recommendations a sample patient notice for providers who will send medical records to a regional or state health information exchange. It reads:
“We send an electronic copy of your medical record to the state health information organization, which makes your data available to other healthcare professionals. We also use a gateway for electronic submission of prescriptions, which keeps a copy of your medications profile. If you want to learn more details about how we perform electronic exchange of data, you may request a copy of our detailed information exchange description."
The Health IT Policy Committee was created by the American Recovery and Reinvestment Act of 2009 and provides advice to the ONC at HHS. The tiger team
was created in June to provide expedited advice to the ONC on healthcare IT privacy and security issues in the run-up to launch of the federal electronic health-record incentive-payment program, which kicked off Oct. 1 for hospitals and will begin Jan. 1, 2012, for office-based physicians.
