Information exchanges bring new risks to hospitals
Information exchanges bring new risks to hospitals
States such as Maine, New York, Texas, Florida, California, and Michigan are setting up health information exchanges (HIEs), which are computer networks connecting disparate medical practices to help doctors share patient files online. Other states soon will follow. But have you considered the potential risks associated with these new avenues of data sharing?
There are serious risks to consider before jumping in to this new healthcare arena, says James M. Kunick, JD, chair of the Intellectual Property & Technology group at the Chicago-based law firm Much Shelist.
“From a sick patient’s perspective, an HIE is the greatest thing since sliced bread because it turns every hospital experience into a scene from Star Trek’s Enterprise, with the doctor able to link into a database with every bit of information about the patient,” Kunick says. “But making all the data so readily available raises all kinds of questions about consent and how you protect that data.”
Promoted as part of healthcare reform and the move toward meaningful use of electronic records, the goal of HIE is to facilitate access to and retrieval of clinical data to provide safer and more timely, efficient, effective, and patient-centered care. HIE is also useful to public health authorities in analyzing the health of the population.
Formal organizations are emerging to provide form and function for health information exchange efforts, many of them supported financially by statewide health information exchange grants from the Office of the National Coordinator for Health Information Technology. These grants were legislated into components of HITECH (Health Information Technology for Economic and Clinical Health Act) of the American Reinvestment and Recovery Act in 2009.
Due to a gap in the federal law, states can set their own rules about whether to inform patients that their information is being shared across the state, Kunick says. A major concern for patients is the threat of identity theft, because medical providers suffer more breaches than any other type of organization every year.
Most of the risks are related to the fact that a hospital is responsible for protecting a patient’s data, but it is turning that data over to another party, the HIE, which will then make it available to other parties, Kunick explains. That makes the situation ripe for a violation of HIPAA (Health Insurance Portability and Accountability Act). (See the story below for more on how a hospital can protect itself.)
One consideration is whether patients should have the ability to opt out of an HIE or if the HIE should obtain the patient’s opt-in before any data is shared, Kunick says. The federal regulation does not require an opt-in, he notes. “Not only should it be clear that patients have to opt in, but there also should be an option to opt in on a more conditional basis,” he says. “A patient should be able to say you can include general health information, for instance, but no information about sexual issues or past health concerns. If you don’t allow that option, there is the possibility that patients won’t be as candid with their doctors as they should be.”
Kunick cautions that although HIEs are being promoted by many groups as the way of the future, hospitals are lagging behind in their assessment of the risk.
“It’s one of a hundred things on their radar, and it hasn’t come to a head yet because there hasn’t been a ton of litigation and publicity about this,” he says. “That doesn’t mean you want to leave yourself exposed and get involved in making this issue better known.”
Source
• James. M. Kunick, JD, Chair, Intellectual Property & Technology Group, Much Shelist, Chicago. Telephone: (312) 521-2772. Email: [email protected].
States such as Maine, New York, Texas, Florida, California, and Michigan are setting up health information exchanges (HIEs), which are computer networks connecting disparate medical practices to help doctors share patient files online. Other states soon will follow. But have you considered the potential risks associated with these new avenues of data sharing?Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.