Should patients be able to decide that some of their providers shouldn't have access to certain parts of their medical record? That's the issue behind one part of a from the Office of the National Coordinator (ONC) for Health Information Technology.
"We believe that individuals should be provided a reasonable opportunity and technical capability to make informed decisions about the collection, use, and disclosure of their electronic health information," wrote the authors of the proposed rule, which was published April 18 in the Federal Register. "The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides individuals with several legal, enforceable rights intended to empower them to be more active participants in managing their health information. We make several proposals in support of the HIPAA Privacy Rule's individuals' 'right to request a restriction' on certain uses and disclosures of their PHI [personal health information]."
Complicated to Carry Out
So what does that mean, exactly? A good example of this might be a patient with HIV, said Steven Waldren, MD, MS, chief medical informatics officer at the American Academy of Family Physicians. "Say that a patient needs to be referred to a podiatrist for some slight issues where it's not going to be very likely to [result in] surgery or anything like that," he said Thursday in a phone interview. "So the patient may say, 'Hey, don't send my diagnosis of HIV.'"
That sounds like it could be as simple as removing "HIV" from the patient's problem list, he said, but in reality it could end up being far more complicated because when a patient makes that remark, "what in my view the patient really asked the physician to do is to make sure that the podiatrist doesn't know they have HIV," he said. "That's a very different task."
To begin with, "if there's any notes that could be shared, then you have to make sure [HIV isn't] in the narrative of that ... And hope that any consulting notes that you are also sending along don't say something about HIV," Waldren said.
Then there are lab results to consider not including, such as an HIV-positive lab test, or a T4 test that comes back as very low. "But also, if you see in the test results that there is a T4 count that's normal, but it's being tested on a regular basis, it's going to be easy for the podiatrist to think, 'Well, there's not really many reasons that you would keep asking and making sure that their T4 count was all right -- they must have HIV,'" he said.
What about the patient's drug list? HIV medications would need to be expunged from that, but "what if the podiatrist now wants to prescribe the patient a drug which could potentially interact with one of the antiviral drugs they're taking?" said Waldren. The patient would then have to remember to tell the podiatrist about any drugs they're on that might not be listed on the patient record, in case there's a possibility of interaction, he said.
Better Technology Needed
Managing these issues will require improvements in health record technology, according to Waldren. "We have to get these technologies to be able to help us be able to manage this complexity of data and to be able to have the patients have trust and make sure that their privacy is maintained as they want it to be maintained -- but that it's done so in a way that they understand the risks. We can put safeguards in place to support those patients, but it has to be something that's actually manageable and doesn't add a significant amount of administrative burden to physicians and practices."
The comment period on the proposed rule closed on June 20, and several physician organizations who commented on that portion of the 172-page rule -- a section known as "data segmentation" -- were in favor of patients having the ability to shield certain parts of their medical record. "The APA [American Psychiatric Association] commends ONC for considering polices that support data segmentation and urges ONC to work closely with clinical, patient, technology, and policy partners to advance these priorities in tandem," , the APA's medical director and CEO.
The American College of Obstetricians and Gynecologists (ACOG) suggested another benefit of data segmentation. "Segmenting data protects individuals who have experienced intimate partner violence, sexual assault, and other sensitive experiences that disproportionately affect women," commented Lisa Satterfield, MS, MPH, senior director for health economics and practice management at ACOG. "Obstetrician/gynecologists must maintain the confidentiality of documentation related to care for STIs [sexually transmitted infections], pregnancy, substance use disorder, or other conditions that, if shared without measure, could endanger women or make them more vulnerable to discrimination."
In addition, "ONC should consider a future exception to information blocking penalties for highly sensitive healthcare data such as reproductive healthcare data," she said. "While patients' access to their healthcare information is important, the criminalization and scrutiny of reproductive healthcare data has become an issue of increasing importance. Physicians should not be working under the fear that their delay of releasing sensitive health data will be penalized unnecessarily as part of information blocking requirements."
Provider Concerns
But not everyone is on board. "We are concerned that segmenting portions of the medical record or restricting user access would be very disruptive to care delivery workflows and create barriers to care coordination. Significant patient safety and care quality issues could arise if complete medical information is not available to treating providers," , vice president of Health IT Strategy and Policy at the Kaiser Foundation Health Plan. "For example, serious harm could occur if a provider is not aware of all the medications a patient is currently taking or has recently taken and prescribed a medication or treatment that is contraindicated."
"We are also concerned that inconsistent approval or application of the functional capability across providers and health organizations could cause patient confusion and mistrust," Ferguson added. "We strongly urge ONC to limit the scope of this proposal to specifically exclude treatment as defined in the Privacy Rule from patient requests to restrict data or limit user access."
Asked when a final rule was expected, an ONC spokesman said in an email that the agency "has been working through all the [234] comments received and aims to get the final rule out as soon as we can, perhaps as early as later this year."