Giving Patients Control Over EHRs

Privacy Group: Survey Results Support Its Patient Rights Push
Giving Patients Control Over EHRs
An advocacy group is using the results of a new consumer health information privacy survey to help bolster its case for giving patients a clear-cut right to determine who can view their electronic health records.

The web-based survey of 2,000 Americans, commissioned by Patient Privacy Rights and conducted by Zogby International, found:

  • 93 percent of respondents would like to decide what companies and government agencies can access their electronic health records.
  • 91 percent would like to decide which individuals can view their EHRs.
  • 97 percent say doctors, hospitals, labs and technology companies should not be allowed to share or sell a consumer's health information without their consent; 98 percent say the same for insurance companies.

Survey participants were randomly selected from Zogby's database of hundreds of thousands of U.S. adults. The research firm claims the survey has a margin of error of plus or minus 2.2 percentage points.


Under the HITECH Act, which was part of the economic stimulus bill, "billions are going toward the purchase of EHRs that do not allow people to control their own information," says Deborah Peel, M.D., founder and chair of Patient Privacy Rights. "Millions are going to the states to set up health information exchanges that typically do not allow you to control who sees your information."

The HITECH Act funded EHR incentive payments to hospitals and physicians from Medicare and Medicaid, which kick in next year. It also provided grants for HIE development.

The advocacy group has long called for federal legislation that explicitly requires obtaining patients' consent before using their records for any purpose. Under the HIPAA privacy rule, as revised in 2002, covered entities, including hospitals, physicians and insurers, can access patient records for treatment, payment or healthcare operations without patient permission.

"We hope this survey will help decision makers to see we've got to have trusted systems," Peel says. "It's so hard for American's voices on this topic to be heard."

Pending Privacy Regulations

A proposal to modify the HIPAA privacy, security and enforcement rules notes that federal regulators plan to introduce a separate proposal to describe how to give patients an accounting of who has accessed their records for treatment, payment or healthcare operations. Such disclosure is required under the HITECH Act.

Rules for stage one of the HITECH Act's EHR incentive payments program do not include any requirements to obtain patient consent to use their records. Peel is hopeful that regulators will consider including such requirements in Stage 2 rules for the Medicare and Medicaid incentives, which are now in development.

Federal regulators are now considering recommendations for how to obtain patient consent to share their EHRs via health information exchanges. Also in the works are privacy and security rules for personal health records.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.