Challenges in Addressing Privacy of Health Information Exchange
The specific privacy concerns reported in the literature suggest a clear need to improve individuals’ participation in decisions about who may access their health information and how the information will be used. Providing individuals with meaningful choice in decisions about how their health information is shared is expected to increase consumer confidence in electronic health information exchange. Toward this goal, the Privacy and Security TIGER team of the Health IT Policy Committee (federal advisory committee to the Office of the National Coordinator for Health Information Technology [ONC]) recommended that patients be given the opportunity to provide “meaningful consent,” as depicted in Figure 5.2.
The concept of “meaningful consent” is described as “the ability of patients to thoughtfully and clearly express preferences to limit access to some parts of their record, and to change their minds at any time.”22 Further, the TIGER team recommended that both “opt-in” and “opt-out” consent models are acceptable if the choice provided is “meaningful.” Opt-in consent models typically require an explicit, written consent by the individual to participate in HIE and, as implemented today, tend to be “all or nothing” with no option for restricting the types of information shared, although opt-in models that allow some restrictions are being used by some organizations. Opt-out models default to allow sharing of a person’s data unless the person specifically opts out. As with opt-in models, there are opt-out models that permit some restrictions by type of data, provider, or purposes for sharing the data.23
Figure 5.2 Meaningful consent elements. (Adapted from Health IT Policy Committee Meeting Notes. Sept. 1, 2010.)
HIEs are making progress toward offering more individual choice regarding what information is shared and with whom when it comes to obtaining consent to participate in HIE. According to the 2011 eHealth Initiative Report on Health Information Exchange, HIEs are implementing both opt-in and opt-out approaches to obtaining consent, and they are offering more opportunities for individuals to have some limited choice in what information is shared and with whom. For example, more than half of the 255 initiatives reporting allowed individuals to make decisions by provider, data type (lab or radiology), encounter, disclosing organization, data field (demographics only), and certain types of sensitive data such as mental health, HIV status, and genetic data. The report noted that HIEs were using a Health Insurance Portability and Accountability Act notice of privacy practices (HIPAA NPP) at the point of care to inform individuals of these choices. However, the details describing what options individuals were offered regarding updating their preferences or revoking consent were not reported.
There are a number of key challenges to adequately providing meaningful choice in the consent models offered by HIEs. First, the technology needs to have the capability to capture individual preferences for data sharing, including (1) the type of data; (2) who will have access; (3) under what circumstances; and (4) the time frame for access. There also needs to be a mechanism for maintaining and updating those preferences and their specific context, and the capability to apply these rules to data coming from multiple sources.
Data segmentation refers to the process of “sequestering from capture, access, or view certain data elements that are perceived by a legal entity, institution, organization, or individual as being undesirable to share.”24 However, current clinical systems are not very sophisticated with respect to having the capability to parse or segment specific data elements in a way that will allow a policy-driven consent management system to apply the appropriate algorithms. One key challenge is getting the data into structured data fields that can be tagged and coded. Structured data fields within EHRs can be an excellent, efficient way to capture and display certain types of data such as blood pressure, lab results, and other basic information.
However, structured data fields have been met with sharp criticism by providers when they are overly restrictive and do not fit the provider’s workflow. For example, providers have reported being frustrated by dropdown lists that do not have the appropriate choice available or that have hundreds of choices to scroll through to find the right one. In some cases, doctors have reported entering data into other open data fields or in the notes to create a “workaround” for poorly designed structured data fields in their EHRs.25
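The four preference elements and the segmentation step described above can be sketched as a small policy check. This is an added example, not code from this chapter or from any HIE product; the class, field, and record names are hypothetical, and two behaviors are assumptions: the most recently recorded matching rule wins, and untagged free-text data is withheld.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class Rule:
    data_type: str   # (1) type of data; "*" matches any
    recipient: str   # (2) who will have access; "*" matches any
    purpose: str     # (3) under what circumstances; "*" matches any
    start: date      # (4) time frame for access, inclusive
    end: date
    allow: bool

@dataclass
class Consent:
    model: str                        # "opt-in" = default deny, "opt-out" = default allow
    rules: list = field(default_factory=list)
    emergency_override: bool = True   # assumed patient-selectable setting

    def permits(self, data_type, recipient, purpose, on):
        if purpose == "emergency" and self.emergency_override:
            return True
        hits = [r for r in self.rules
                if r.data_type in ("*", data_type)
                and r.recipient in ("*", recipient)
                and r.purpose in ("*", purpose)
                and r.start <= on <= r.end]
        # Assumption: the most recently recorded matching rule wins, so a
        # patient revises or revokes a preference by appending a new rule.
        return hits[-1].allow if hits else self.model == "opt-out"

def segment(records, consent, recipient, purpose, on):
    """Split record ids into (released, withheld) for one request."""
    released, withheld = [], []
    for rec in records:
        tag = rec.get("data_type")
        if tag is None:
            # Untagged free text cannot be matched to a rule: withhold it
            # unless the emergency override applies.
            ok = purpose == "emergency" and consent.emergency_override
        else:
            ok = consent.permits(tag, recipient, purpose, on)
        (released if ok else withheld).append(rec["id"])
    return released, withheld

# Constructed sample: records arriving from three sources.
RECORDS = [
    {"id": "r1", "source": "hospital_a", "data_type": "lab"},
    {"id": "r2", "source": "clinic_c", "data_type": "mental_health"},
    {"id": "r3", "source": "lab_b", "data_type": "hiv"},
    {"id": "r4", "source": "clinic_c", "data_type": None},  # free-text note
]
Y0, Y1 = date(2024, 1, 1), date(2024, 12, 31)
CONSENT = Consent("opt-out", [
    Rule("mental_health", "*", "*", Y0, Y1, False),
    Rule("mental_health", "dr_lee", "treatment", date(2024, 3, 1), date(2024, 6, 30), True),
])
```

Record r4 shows why data entered in notes as a workaround defeats segmentation: with no tag, no type-based preference can be applied to it.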
In addition to the technical complexity of segmenting data to allow for individual preferences, both individuals and their healthcare providers need to be engaged and motivated to implement a decidedly new and different consent process. Individuals will need to be willing to take responsibility for making decisions about their preferences, which may be confusing for many. Patients must be educated regarding the implications, positive and negative, of the consent decisions they make. A recent telephone survey found that only 18 percent of individuals want to have the sole responsibility for determining their privacy settings when offered the choice to restrict access to dates and locations of treatment, diagnoses/treatments, prescribed medications, laboratory and genetic tests, HIV tests, sexually transmitted disease (STD) tests, or mental health treatment information. Most people want to have their physicians involved in these decisions. Twenty-six percent said that they would like to have their physician help them determine their settings and nearly 40 percent preferred that they, their physicians, and their family determine their privacy settings. Only 4 percent of the respondents wanted their provider to make these decisions for them. Nearly 80 percent of those responding indicated they would want a physician to override their privacy settings in a medical emergency in order to treat them. Providers also have preferences that must be considered, particularly the need to be certain that they have complete and accurate information to make diagnosis and treatment decisions. The needs of both sides of the patient-provider relationship must be considered, and the desire of individuals to have their providers engaged in their decisions about restricting access opens the door for a conversation in which both sides can share concerns and the individual can make informed decisions. 
Understanding what individuals want in terms of privacy protections is an important first step, but there are multiple social and technical challenges to be resolved before we can manage personal preferences in a truly meaningful way.
The privacy concerns that individuals raise also suggest a need to continue to improve people’s trust in technology and the healthcare system overall. The Nationwide Privacy and Security Framework developed by HHS outlined eight key principles for the protection of individually identifiable health information (IIHI). These principles were distilled from a number of national and international sources, including the Code of Fair Information Practice and the Fair Information Practice Principles.26,27 The eight key principles include individuals’ right to access their information and have corrections made if errors are found; and the need for transparency about policies, procedures, and technologies that affect patients or their health information. Education about data security, individual rights, and recourse in cases of unauthorized disclosures and misuse of information may help build trust in the use of electronic information. The ability to readily obtain a list of disclosures may also help build a stronger trust relationship. In the survey cited earlier, 71 percent of respondents indicated that they would request an accounting of disclosures that their provider had made related to treatment and payment and 95 percent of those who would request the list of disclosures wanted to know what information was disclosed, when, by whom, and for what purpose.