CHIME/HIMSS: Privacy concerns take center stage at meaningful use panel
ATLANTA—Whether enough is being done to protect the rights of patient data, while simultaneously allowing for health information to be exchanged amongst care providers under the proposed meaningful use definitions, became an area of contention during today's Meaningful Use Town Hall discussion during the CIO Forum, co-hosted by CHIME and HIMSS, at the HIMSS10 conference.
Deborah Peel, MD, founder and chair of Patient Privacy Rights, explained that the problems have evolved as the sharing of information has expanded and technology continues to proliferate. “There are databases everywhere and a heightened push to share data has led to a lack of control,” she said. “The goal needs to be getting patient information back into the hands of patients.”
Originally, providers had to get the consent of the patient to use their personal health information (PHI), based on a law signed by President George W. Bush in 2001, recognized as “right of consent,” Peel said. However, she lamented that the fact that consent provisions were replaced in 2002, granting regulatory permission of covered entities to make the decision on how to use a patient’s PHI, thereby, eliminating the “right of consent.”
Concerning the meaningful use definition, Peel said her group is not “really happy” with the proposal because it does not define privacy and the right of consent is not restored. Still, she praised some new protections in the HITECH Act—not all in the meaningful use definition, including: a ban on sales of PHI; segmentation; audit trails for three years; breach notice; encryption; and a right to restrict disclosures of PHI for payment and HCO if pay out of pocket. She said that regulators need to focus on “control.”
Elizabeth O. Johnson, BSN, RN, vice president of applied clinical informatics at Tenet Healthcare, who also serves a member of the Health IT Standards Committee, said it was truly important to maintain a balance between the protection of patient data with the need for better, more integrated patient care.
However, when the concept of a national patient identifier was raised by an audience member, a heated discussion ensued between Peel and Paul Tang, MD, who serves on the Health IT Policy Committee and chair of the U.S. Meaningful Use Workgroup, as well as serving as vice president and CMIO of Palo Alto Medical Foundation.
Peel analogized the single patient identifier to the problems that have affected Social Security numbers. "Single IDs have been rejected for decades. A single ID is very subject to abuse and misuse, and frankly, there is no need for a single ID number," she said. "It may make things simpler for people to get the right information at that right time, but that can also be accomplished through asking the patient. The right to consent is really the cheapest and simplest way to have health information exchange.”
Conversely, Tang, who defined himself as a “privacy advocate” said that one of the biggest harms is brought about when the care giver cannot connect to a patient's health information. "When we can't get the proper patient information at the point of care, we put the patient at risk," he explained. "The vast majority who will seek to access a patient identifier would be seeking to do good with the information, compared with the small minority seeking to do harm with the information. It's an issue that needs to be discussed because it stands in the way of proper care for the patient."
He also added that those with financial means and malicious desire may be able to access patient data, regardless of a national patient identifier.
Also, another audience member questioned the practical sustainability of having nurses having to repeatedly call up patients to keep track of their patients’ information. In his rural facility, he is concerned about the amount of staff required for such consent. Johnson, who also serves at a rural facility, reiterated those practical concerns, especially as she is attempting to manage patient data across 50 hospitals.
Peel conceded that the technical aspects of not being able to recall a patient within a particular system needs to be addressed, but she reiterated her bigger concern over a national patient identifier as being too simple a solution, which could leave patients more exposed.
David Blumenthal, MD, the National Coordinator for Health IT, has planned a privacy workshop for later this spring to discuss many of these concerns, according to the panel members.
Deborah Peel, MD, founder and chair of Patient Privacy Rights, explained that the problems have evolved as the sharing of information has expanded and technology continues to proliferate. “There are databases everywhere and a heightened push to share data has led to a lack of control,” she said. “The goal needs to be getting patient information back into the hands of patients.”
Originally, providers had to get the consent of the patient to use their personal health information (PHI), based on a law signed by President George W. Bush in 2001, recognized as “right of consent,” Peel said. However, she lamented that the fact that consent provisions were replaced in 2002, granting regulatory permission of covered entities to make the decision on how to use a patient’s PHI, thereby, eliminating the “right of consent.”
Concerning the meaningful use definition, Peel said her group is not “really happy” with the proposal because it does not define privacy and the right of consent is not restored. Still, she praised some new protections in the HITECH Act—not all in the meaningful use definition, including: a ban on sales of PHI; segmentation; audit trails for three years; breach notice; encryption; and a right to restrict disclosures of PHI for payment and HCO if pay out of pocket. She said that regulators need to focus on “control.”
Elizabeth O. Johnson, BSN, RN, vice president of applied clinical informatics at Tenet Healthcare, who also serves a member of the Health IT Standards Committee, said it was truly important to maintain a balance between the protection of patient data with the need for better, more integrated patient care.
However, when the concept of a national patient identifier was raised by an audience member, a heated discussion ensued between Peel and Paul Tang, MD, who serves on the Health IT Policy Committee and chair of the U.S. Meaningful Use Workgroup, as well as serving as vice president and CMIO of Palo Alto Medical Foundation.
Peel analogized the single patient identifier to the problems that have affected Social Security numbers. "Single IDs have been rejected for decades. A single ID is very subject to abuse and misuse, and frankly, there is no need for a single ID number," she said. "It may make things simpler for people to get the right information at that right time, but that can also be accomplished through asking the patient. The right to consent is really the cheapest and simplest way to have health information exchange.”
Conversely, Tang, who defined himself as a “privacy advocate” said that one of the biggest harms is brought about when the care giver cannot connect to a patient's health information. "When we can't get the proper patient information at the point of care, we put the patient at risk," he explained. "The vast majority who will seek to access a patient identifier would be seeking to do good with the information, compared with the small minority seeking to do harm with the information. It's an issue that needs to be discussed because it stands in the way of proper care for the patient."
He also added that those with financial means and malicious desire may be able to access patient data, regardless of a national patient identifier.
Also, another audience member questioned the practical sustainability of having nurses having to repeatedly call up patients to keep track of their patients’ information. In his rural facility, he is concerned about the amount of staff required for such consent. Johnson, who also serves at a rural facility, reiterated those practical concerns, especially as she is attempting to manage patient data across 50 hospitals.
Peel conceded that the technical aspects of not being able to recall a patient within a particular system needs to be addressed, but she reiterated her bigger concern over a national patient identifier as being too simple a solution, which could leave patients more exposed.
David Blumenthal, MD, the National Coordinator for Health IT, has planned a privacy workshop for later this spring to discuss many of these concerns, according to the panel members.