How data would be obtained and used in a health information exchange is a concern for the confidentiality, privacy and security work group of the American Health Information Community, which said it will ask for more input before making HIE privacy and security recommendations to the full community.
The work group, which wants to develop consumer controls over information as it is passes through HIEs, currently is untangling issues surrounding patient choice as data become increasingly electronic. It already has determined three levels of choice consumers have about how their data are disclosed in electronic health recordsdeciding that consumers have all the rights held under current Health Insurance Portability and Accountability Act and state laws, an opt-out or opt-in choice, or granular choices of disclosure based on sensitive data.
In its Feb. 5 session, the work group discussed its list of so-called "higher than HIPAA" guidelines through which it wants to ensure consumers are informed about how their data are used. The group reviewed specific subcategories within the health privacy law that it believed need more clarification, such as uses for health oversight activities, judicial and administrative proceedings, and law-enforcement purposes. The work group will also gather more information about using patient data for marketing, another HIPAA subcategory.
The group hopes to create stronger standards around these subcategories to maintain privacy as it determines the level of consumer choice, said Deven McGraw, chief operating officer of the Washington-based National Partnership for Women & Families, who co-chairs the work group. While the group is considering recommending that patient data be culled from exchanges only for treatment and payment uses, it will ask for more information from research organizations and health departments about extracting data from HIEs for research and public policy purposes, she said.
"A lot of the work group members felt (treatment and payment) was an appealing limit," but the group will explore public good opportunities for using data in research and public health needs, she said. "That's a question we need to resolve."
The privacy group will present a letter of recommendation to the full community during an AHIC meeting at the HIMSS conference in Orlando urging the federal agency to extend HIPAA requirements to information exchanges. The second part of the recommendation, consumer choice in data disclosure, will take more time, McGraw said.
"It's a painstaking process. We're not moving fast; we're being very thoughtful about this," she said.
The privacy work group will hold its next meeting at 1 p.m. EST March 3.
What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.