HIPAA Regulatory Alert: NCVHS: Individuals should have control over disclosure
HIPAA Regulatory Alert
NCVHS: Individuals should have control over disclosure
The National Committee on Vital and Health Statistics (NCVHS) says the Department of Health and Human Services (HHS) should adopt a policy for the Nationwide Health Information Network (NHIN) to allow individuals to have limited control, in a uniform manner, over disclosure of certain sensitive health information for purposes of treatment.
A Feb. 20 letter to HHS Secretary Michael Leavitt says the NCVHS recommendation is based on several critical considerations, including protecting patients' legitimate concerns about privacy and confidentiality, fostering trust and encouraging participation in the NHIN to promote opportunities to improve patient care, and protecting health care system integrity.
"We have concluded that NHIN policies should permit individuals limited control, in a uniform manner, over access to their sensitive health information disclosed via the NHIN," the letter says. "Public dialogue should be undertaken to develop the specifics of these policies, and pilot projects should be initiated to test their implementation."
NCVHS says its goal in making this recommendation is to improve patient safety and quality of care while developing a network that is practical, affordable, and inclusive and that protects confidentiality of individual health information.
Development of networks of longitudinal, comprehensive, and interoperable electronic health records provides great opportunities for enhancing coordination of care, avoiding duplication of services, and improving health care effectiveness and efficiency, NCVHS says. But the electronic network model of health information exchange is a major shift from the decentralized, disconnected, largely paper-based health record system now in use. And there are significant implications for individual privacy and confidentiality due to this shift. "Unless specific, privacy-enhancing measures are designed into networks," the letter says, "individuals could have significantly less privacy than they currently have and that they may reasonably expect would continue with EHR networks. With proper privacy-enhancing measures, however, we believe individual privacy will be reasonably protected across the NHIN."
NCVHS said it had considered various options and concluded that affording individuals the opportunity to restrict the flow of their personal information by categories is the most promising alternative. It recommends permitting an individual to sequester information based on predefined information categories. Under this proposal, every individual would have the option of designating one or more categories for sequestering. If a category is selected, all of the information in that category, as the category is defined, would be sequestered. Individuals would not have the option of selecting only specific items within the category to sequester. For any category that is so designated, health care providers accessing an individual's electronic health record via the NHIN would not see any information in that selected category. Individuals would be given the option to provide consent to a health care provider to access the sequestered information.
NCVHS says it recognizes that individuals differ in their opinions on what categories of health information should be considered sensitive and also recognizes that designating particular categories, and, even more critically, defining information to be included in each category, will be a complex and difficult undertaking.
But NCVHS says it's important to make the effort and that having uniform definitions of sensitive health information across the NHIN will be critical to establishing a solution that works well in a society where people travel frequently and receive care from multiple health care providers.
Possible categories, NCVHS says, include domestic violence, genetic information, mental health information, reproductive health, and substance abuse.
Legitimate concerns have been raised about how sequestering categories of health information could affect medical malpractice liability, the letter says. NCVHS believes liability could potentially be affected in at least two ways. First, sequestration of critical information might cause providers to give less than optimal advice or treatment because critical information is not considered. And liability also may be implicated as a result of violations of confidentiality due to imperfect sequestration of data by a provider and the provider's system. NCVHS says the implications for liability deserve additional consideration.
Increase provider trust in records
NCVHS believes that, to the extent permitted by law or regulations, health care providers should be notified when information is being sequestered to increase providers' trust in the record's contents. It suggests that if providers knew that patients could sequester information but they would not be notified, providers could never really trust that their records were accurate and complete, and would be hesitant to treat patients based on those records.
"The inclusion of some notation that information is missing alerts a provider that caution and special care are appropriate," the letter says. "Furthermore, a significant advantage of the notation is that it provides an opportunity for providers to discuss with their patients concerns about the sequestration of information and the resulting impact on their health care."
NCVHS recommends procedures be put in place for emergency access to sequestered information such as instances in which an unconscious, delirious, or otherwise incompetent person is treated in an emergency department, physician's office, or other health care setting. If such a "break the glass" emergency access provision is used, NCVHS says, an audit trail should record the specifics of the incident and it should automatically trigger a review by the relevant privacy officer. In addition, the patient or patient's representative should be notified as soon as possible that the emergency access provision was used.
Once sequestered information has been accessed through a patient's authorization or emergency procedures, the information should still be treated as sensitive in future NHIN records exchanges unless otherwise consented to by the patient.
The letter says that if a provider accesses information that had been sequestered by the patient, the provider should be required in the future to ensure that the categories of information identified by the patient for sequestration continue to be sequestered when the patient's record is shared over the NHIN.
New care model
NCVHS says it recognizes that sequestering sensitive health information by category represents a new model of clinical care, and various health care providers may be concerned about the implications of an incomplete record for patient care quality and this concern must be addressed. "More than technological solutions will be needed to make this new arrangement successful," the letter says. "It will require substantial public and professional education as well as policies and procedures that consider the medical, social, psychological, cultural, and personal factors in patient care."
[Editor's note: You can download the letter at http://www.ncvhs.hhs.gov/080220lt.pdf.]
The National Committee on Vital and Health Statistics (NCVHS) says the Department of Health and Human Services (HHS) should adopt a policy for the Nationwide Health Information Network (NHIN) to allow individuals to have limited control, in a uniform manner, over disclosure of certain sensitive health information for purposes of treatment.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.