GAO: Patients benefit from HIEs
A February report by the Government Accountability Office (GAO) on health information exchanges (HIEs) cited ways that sharing electronic personal health information about a patient has had a positive effect on the quality of care providers deliver to patients.
The Washington, D.C.-based agency conducted four case studies of more than 60 operational HIEs and a selection of each of the exchanges’ participating providers.
The GAO sought to describe the practices implemented for disclosing personal health information for purposes of treatment, including the use of electronic means for obtaining consent, as reported by selected HIE organizations, their participating providers and other entities. In addition, the GAO wanted to know the effects of the electronic sharing of health information on the quality of care for patients as reported by these organizations.
“Both the providers and exchanges in the study described practices that limit disclosure of information, secure electronic information that they store and transmit and help ensure accountability for safeguarding electronic personal health information,” the agency stated.
Among the positive examples of an HIE, officials from two exchanges stated that they provide a direct connection from participating hospitals to their state’s Department of Public Health for real-time reporting of conditions and for supporting the early detection of disease outbreaks, the report noted.
According to the report, a large hospital that participated in one of the exchanges reported that a cardiologist was able to obtain an abnormal laboratory result electronically from the exchange one day earlier than he would have otherwise. “This timely access to the patient’s electronic health information allowed the provider to perform earlier intervention for a potentially life-threatening condition,” the report noted.
Another hospital reported that the information obtained through its HIE helped an emergency department physician ascertain that a patient who was requesting medication for pain had been in five area hospitals in seven nights seeking pain medication. The information exchanged throughout the system led to the decision to not prescribe the patient any additional pain medication, the report noted.
The GAO also found that the healthcare entities that were studied had implemented disclosure practices that reflect accepted practices for safeguarding personal information. This helps ensure the appropriate use and disclosure of electronic personal health information for treatment purposes.
The “Fair Information Practices” listed in the report include:
Informing individuals about the use of their information and how it is to be protected: The public should be informed about privacy policies and practices and individuals should have ready means of learning about the use of personal information.
Obtaining individual consent: The collection of personal information should be limited, should be obtained by lawful and fair means, and where appropriate, with the knowledge or consent of the individual.
Facilitating individual access to and correction of records: Individuals should have the following rights: to know about the collection of personal information, to access that information, to request correction and to challenge the denial of those rights.
Limiting use and disclosure to a specific purpose: Personal information should not be disclosed or otherwise used for other than a specified purpose without the consent of the individual or legal authority. The purposes for the collection of personal information should be disclosed before collection and upon any change to that purpose, and its use should be limited to those purposes and compatible purposes.
Providing security safeguards: Personal information should be protected with reasonable security safeguards against risks such as loss or unauthorized access, destruction, use, modification or disclosure.
Ensuring that data are accurate, timely, and complete: Personal information should be relevant to the purpose for which it is collected, and should be accurate, complete and current as needed for that purpose.
Establishing accountability for how personal information is protected: Individuals controlling the collection or use of personal information should be accountable for taking steps to ensure the implementation of these principles.