U.S. Health IT Privacy Proposal Approved After Tussle on Patient Consent
Privacy recommendations for health IT got hung up for a considerable time Thursday on objections raised on behalf of care providers to requirements for patients to consent before their records go into health information exchanges. Eventually clarifications by the leaders of a privacy and security group set up by the Department of Health and Human Services’ Health IT Policy Committee cleared the obstacles during a teleconference and webcast meeting. The committee approved the group’s suggestions by unanimous voice vote.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
U.S. Chief Technology Officer Aneesh Chopra had played up the recommendations as a centerpiece of administration policy on health IT (WID Aug 19 p1). Laid out in a 19-page letter, at http://bit.ly/bSJ564, they cover only what’s called stage 1 of meaningful use, the requirements for providers and hospitals to qualify for federal subsidies for using health IT.
The conclusion that dominated the committee’s discussion was number 3.2, labeled “Trigger for Additional Patient Consent.” With the emphasis in the original, it said: “When the decision to disclose or exchange the patient’s identifiable health information from the provider’s record is not in the control of the provider or that provider’s organized health care arrangement ("OHCA"), patients should be able to exercise meaningful consent to their participation.” The department’s Office of the National Coordinator for Health Information “should promote this policy through all its levers,” the letter said.
The provision would hold back electronic record handling by requiring providers to set up alternative systems for patients who won’t consent to the information-sharing covered, said Dr. Neil Calman, the Institute for Family Health’s CEO and one of the committee’s 24 members. He repeatedly balked at that proposal. “We don’t want to do anything that discourages providers from using electronic means of communications,” Calman said:. “Patients who don’t want to go along with a practice’s way of doing things can opt out of the practice” and find care elsewhere. Deven McGraw, the privacy group’s chairman and also a committee member, replied, “'You participate or you leave the doctor you want’ -- it’s not a very good choice.” She’s the director of the Center for Democracy & Technology’s health policy project.
Calman suggested that the recommendation be “parked,” as some other questions have been, while providers’ responses to it were looked into. At another point, he said he would have to abstain on the team’s overall proposal if the provision remained. Expressing support for Calman’s position were committee members Judith Faulkner of Epic Systems and Dr. Michael Klag, the dean of the Johns Hopkins Bloomberg School of Public Health.
The proposal wouldn’t require any provider to maintain paper records or any other second system for patients who don’t give consent, said businessman Paul Egerman, the privacy and security group’s co-chairman. It would let their records be handled electronically as they are now, he said. That would remove them from the “value-added” services that health information exchanges will offer to improve care, such as education and notifications, Calman replied. If the committee didn’t approve the recommendation, “a lot of people are going to find that very interesting,” Egerman said. He and McGraw said providers could explain to patients the benefits of consenting to information exchange and few patients would be expected not to go along.
"Privacy is paramount to what we're doing here and absolutely essential to the patient, and if we don’t have that trust, we're not going to be able to move this endeavor forward,” said committee member Gayle Harrell, a former Florida legislator. Patient protections can’t be “set aside” for the “convenience” or “preference” of providers, she said.
Eventually, McGraw said the recommendation had already taken care of the objections. It wouldn’t require patients’ consent for information sharing within a provider’s “organized health care arrangement” (OHCA), already defined in detail in a federal regulation quoted in full in the letter. The definition is broad enough to include arrangements for all the purposes of improving care that came up in the discussion, she said.
"I'm satisfied,” Calman replied. “There are still unanswered questions, but I'm not going to be obstructionist.” Then Harrell raised converse qualms, however. She said she “had a great fear” that all health information exchanges and health information organizations would qualify as OHCAs. Egerman said the definition excludes “a bunch of people dumping data in a central depository” that isn’t limited to one of the purposes specified in the regulation.