HIE Queries: Protecting Patient Privacy
Federal Advisers Will Rethink Proposals
The HIT Policy Committee is concerned that, without certain restrictions, non-targeted queries by healthcare providers could result in inappropriate disclosures of sensitive patient health information. That could include disclosures that a patient was treated at a substance abuse or mental health facility.
Some committee members are worried that the possibility of sensitive information being disclosed through non-targeted queries might dissuade some patients from allowing any of their health data to be exchanged. So the committee instructed its Privacy and Security Tiger Team to take a closer look at the issue.
The query-response proposals could potentially be included in criteria for Stage 3 of the HITECH Act electronic health record incentive program slated to begin in 2016.
In April, the HIT Policy Committee approved tiger team recommendations about how to verify the identity and authority of clinicians who electronically request data about a patient directly from another healthcare provider (see: Federal Advisers Tackle Secure HIE). Those previously approved recommendations covered two possible scenarios:
- A HIPAA-compliant targeted data query by a healthcare provider to another provider for information needed when directly treating a patient;
- A targeted query by a healthcare provider to another provider for patient information for treatment in a situation where more stringent state privacy laws than HIPAA are in effect.
At a HIT Policy Committee meeting on May 7, the tiger team presented new recommendations covering a third scenario of health data involving non-targeted queries. Those non-targeted queries include clinicians sending a request via an HIE to locate all records about a patient from the individual's previous healthcare providers, who are not known (see: Keeping Data Queries, Responses Secure).
HIT Policy Committee members did not seem to have an issue with the tiger team's scenario 3 recommendation that patients should be able to determine whether they want to have their records included in these aggregated data exchange services. Providing patients a "meaningful choice" would enable them to consent to having health records shared among healthcare providers through health information exchanges or other record locator services.
Some committee members, however, voiced concerns about another tiger team recommendation for scenario 3 that advised against creating policies that limit queries based on the geography of a patient, the type of provider that holds patient records, or other factors.
Deven McGraw, chair of the tiger team and a member of the HIT Policy Committee, noted that most health information exchange taking place today is done within a region or state, so putting restrictions on queries based on geography might be premature.
But some committee members disagreed. "We need policy guardrails around all forms of exchange that are happening today," said Farzad Mostashari, M.D., national coordinator for health IT and chair of the HIT Policy Committee.
A record locator service for an HIE only tells a querying clinician that a patient record is available from other healthcare providers that participate in the exchange. However, a query response that could confirm that a patient has records located at a substance abuse treatment facility or a mental health institution is, in itself, a disclosure that could be too sensitive for some patients, some committee members said.
Data holders of sensitive patient information would not be obligated to respond to the query for the patient's records, McGraw pointed out.
But Paul Tang, the committee's vice chair, said that just the possibility that sensitive health records could be located through a query could dissuade some patients from consenting to the exchange of any of their health records. Tang is vice president and chief innovation and technology officer at Palo Alto Medical Foundation.
The tiger team's recommendations for that third scenario build upon the recommendations for assuring the identity and authority of healthcare providers that the HIT Policy Committee already approved in April for the first two directed query scenarios.
McGraw agreed to take the issues involving non-directed queries back to the tiger team for further discussion. The team will investigate policies that HIEs and HIE application vendors already have in place for handling non-directed queries, she told the committee. "We'll dig into the scenarios a little deeper."
Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT, noted that ONC has a pilot under way that involves "marking health data based on the source." Those developments could potentially provide "more granular choices" for patients when granting consent for the exchange of their health data.
In another related development, on May 3, ONC issued voluntary guidelines for HIEs. Those guidelines include providing patients with privacy and security policy notices; giving patients the opportunity to decide whether to have their data exchanged; and allowing patients to access their health data and request changes to it (see: HHS Outlines Voluntary HIE Guidelines).