They've got an app for that
There's a law requiring providers of federal funded drug and alcohol treatment services to obtain a patient's consent before disclosing their medical records to another provider or to a health information exchange.
Does your electronic health record enable you to segregate those records, store those patient consent directives and remind you that you need to obtain patient consent to move patient-constrained medical information?
There's another federal law that requires providers to honor a patient's request to withhold sending to his insurance company that portion of his record for care and treatments paid for by the patient out-of-pocket.
Can your EHR help you comply with that law?
Forget about the law for a minute. What if your patient simply asks you to not disclose her diagnosis of depression in an otherwise patient-approved exchange of records with a specialist? Can your EHR parse out the code for that sensitive diagnosis from the rest of your electronic care summary?
If you're like most doctors and hospitals, the answer to all of the above questions is: no.
The Veterans Affairs Department demonstrated at the Health Information and Management Systems Society convention this week a new patient privacy consent management technology, that could help providers say “yes” to all of these questions. The software has been designed to work with the federal government's open source Connect project, which is billed as a common on-ramp to the nationwide health information exchange. The Substance Abuse and Mental Health Health Services Administration also demoed at the showcase a patient and provider privacy consent template using the VA's technology.
The Veterans Health Administration plans to roll out the new privacy interface in a couple of months, according to Mike Davis, security specialist at the VA and the project leader. Initially, the VA will turn on only the function that allows a veteran to electronically control through clicks on a web portal whether they want to opt in or opt out of being able to exchange their medical records with providers outside the VA.
But the standards-based privacy technology also can tag specific data elements in a patient's record. If all its switches are turned on, the VA technology enables patients and providers to perform far more “granular” tasks of consent management. For example:
Does the provider want to record a patient's preference to opt in or opt out of a health information exchange? Can do.
Does the patient want to send their records to one healthcare organization but not another? Check.
The aim was to provide a balance between a patient's privacy desires and a clinician's need to know a patient's true condition and respond in an emergency, Davis said.
Davis and Duane DeCouteau walked me through my demo at HIMSS. DeCouteau is a senior technologist at the VA's Office of Health Information and a senior software architect with Dayton, Mont.-based Ascenda Healthcare. Here's a video clip of an interview I did with Davis at the show in which he explains the system in more detail. (Click the image to view the video.)