Health information exchanges are now focused on creating nothing less than the Patient-Centered Data Home accessible nationally. However, before doing so they must ask themselves some hard questions.
HIEs are back and in a big way. Looking beyond interoperability, HIEs are now focused on creating nothing less than the Patient-Centered Data Home, accessible nationally. The timing is, paradoxically, good and bad. There’s no question that data silos continue to stall initiatives that could save money and lives. And there’s no question that EHRs have utterly failed to create such nationally accessible patient-centered data homes.
But events like the Facebook/Cambridge Analytica scandal have propelled data privacy to the forefront of media attention and public discussion. Before contributing to the Patient-Centered Data Home, HIES and other stakeholders must ask themselves some hard questions.
1. Who owns the data? In the fallout from the Facebook scandal, we at least know we can download the data that Facebook has been sharing and cancel our Facebook account if we wish. Will patients have the same ability with data collected in a national patient data home? Will patients have the authority to eliminate their records?
Interestingly, HIEs are one of the few entities in healthcare that must conform to patient opt in/opt out consent policies, which vary by state. These policies typically mandate the patient’s right to fully or partially opt out of having their data shared, but even so, there are exceptions. Some states may require that HIEs participate in public data sharing; presumably using all patient data, regardless of individual patient opt-in/opt-out status.
Beyond HIE requirements, the legality surrounding patient data ownership is hazy. CMS requires Medicare providers to retain patient records for a certain number of years, while various states have patient record retention laws in place. Sharing de-identified data is also allowed in many instances; and while selling patient data is largely restricted, here again, there are some exceptions.
But bottom line, it’s the patient’s own data. Requests to delete or omit data should be handled respectfully and fulfilled in a way that answers the patient’s underlying wish for privacy and ownership.
Educating the patient on what he or she is legally entitled to, plus the data home’s privacy and security safeguards, are critical first steps. Following closely is educating the patient on the value of his or her data for individual and public health.
You can view the rest of the article here and find out the answers to the following questions:
- Who owns data errors?
- How to match patients to the right records?
- What about using blockchain to solve the patient matching challenge?
- What is the best patient identity matching strategy in the absence of a national patient ID?