Sunday, February 20, 2011
We continue to see the tensions in patient data protection play out in new and interesting ways. For example, as HHS continues to study the comments from its HITECH-authorized lock-down of HIPAA Privacy NPRM, available here, the White House's OSTP has been touting its "Blue Button" initiative, available here and according to the Markle foundation, here, strongly supported by both doctors and patients. Clicking on the Blue Button will copy a person's PHI from a HIPAA-protected zone (an EMR curated by a covered entity) to a HIPAA-free zone (a PHR).
Two useful reports prepared for ONC by GW's Department of Health Policy provide detail on some of the options available to policymakers seeking to both protect patient data (or at least patient choice regarding such data) and yet share such data for patient and societal benefits. The first report, “Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis,” available here, details the various patient consent models with their advantages and disadvantages. The second, "Data Segmentation in Electronic Health Information Exchange: Policy Considerations and Analysis," available here, builds on familiar exceptionalism or data segregation models, such as the treatment of HIV/AIDS tests under state laws or the protection of psychotherapy notes under HIPAA Privacy. With EHRs, of course, we are talking about segmenting the patient's data within the record. Questions posed in this useful report include identifying who should define the segments, whether patient or physician should control the segmentation. Additionally, we will need to study whether there should be an emergency protocol for overriding the segmentation choices.
These are important questions that in many ways will define the future of the relationship of the patient with her EHR far more than the privacy, confidentiality, and consent models heretofore explored.