TRENDING:

Health Leaders Reply to Senate Query

Top Concerns: Standards, Information Exchange, Privacy Marianne Kolbasuk McGee (HealthInfoSec) • August 15, 2014    
Health Leaders Reply to Senate Query

Back in June, U.S. Senate finance committee chairman Ron Wyden, D-Ore., and senior committee member Chuck Grassley, R-Iowa, sent a letter to about 100 healthcare sector stakeholders, seeking "new ideas for enhancing the availability and utility of healthcare data while maintaining and strictly protecting patient privacy."

See Also: Demonstrating HIPAA Compliance

Specifically, stakeholders were asked to describe barriers that stand in the way of health data transparency and possible reforms.

The response? Challenges related to patient data matching, health IT interoperability and standards, secure health information exchange, and state privacy laws top the list of barriers.

Among the groups responding to the query: the eHealth Initiative. a non-profit group that advocates the use of health IT; the College of Healthcare Information Management Executives, which represents healthcare CIOs; and the Electronic Health Record Association, which represents 40 EHR vendors and is part of the Healthcare Information and Management Systems Society.

In their responses, each of those groups highlights the need for more accurate patient data matching in order to ensure patient privacy and safety.

"To improve patient safety and data interoperability, a consistent nationwide patient data matching strategy should be a priority," writes EHRA. "Error rates in existing technologies that manage patient identification are sufficiently high to cause concern about medical errors, redundant testing, and inefficiency."

Patient Data Matching

The eHealth Initiative expressed similar concerns about patient data matching.

"The ability to accurately identify and match patients within and among Health IT systems continues to serve as an obstacle as more and more patients' health records become electronic," writes eHealth Initiative CEO Jennifer Covich Bordenick. "We encourage Congress, and by extension the [Obama] administration, to place emphasis on resources needed to reduce barriers and improve the ability to accurately identify and match patients."

Patient data matching involves ensuring, for example, that when a patient's records from multiple sources are gathered, such as via a health information exchange, the right information for the right patient is aggregated. If records are mismatched, medical mistakes, improper data entries and disclosures and medical ID fraud can occur.

CHIME notes, "Despite years of development, no clear strategy has emerged to accurately and consistently match patients with their longitudinal data across different settings of care."

In recent years, the issue has become an increasingly bigger concern, as the use of electronic health records has soared and related health information exchange efforts have expanded (see Patient Data Matching Best Practices).

In its letter, CHIME asks Congress "to remove the prohibition barring the development of and requiring adherence to standards for a unique patient identifier as a means to dramatically enhance the sharing of healthcare data. At a minimum, Congress should support administration efforts to help identify possible solutions that can address this staggering patient safety issue."

Interoperability and Standards

Other hurdles in improving data transparency are related to health IT interoperability, standards and secure health information exchange, say some of the groups responding to the committee's request for information.

"Overall, continued emphasis should be placed upon building the infrastructure and tools to achieve interoperability among health IT systems and applications to sustain seamless data exchange," eHealth Initiative writes. The group says it supports "the development and use of standards in a manner that advances seamless data exchange."

In general, "many of the needed standards are available but others are now entering or on the midst of refinement, testing, and pilot usage," eHealth Initiative writes. "However, that standards use requires considerable planning to ensure adequate testing of systems, education, and training for successful adoption and real interoperability."

Privacy Laws

Another barrier to data transparency is the lack of uniformity across state privacy laws, which also complicates data exchange, writes EHRA.

"Patient, consumer, and provider concerns with the privacy and security of protected health information must also be addressed, including accurate and confidence-building implementation of federal HIPAA provisions, as well as the sometimes conflicting provisions of states' laws, which can conflict with HIPAA and each other," the group says in its response.

"Often, this is less an issue for EHRs and other health IT operating within a healthcare organization, and more a consideration among organizations that agree to share healthcare information and therefore must determine governance and ownership policies in compliance with state and federal laws."

EHRA describes the issues that arise in secure health information exchange that's attempted within a patchwork environment of diverse state privacy regulations.

"It is widely recognized that the inconsistencies in various state and federal privacy laws as they pertain to sensitive health information, such as that protected under 42 CFR Part 2 -- Confidentiality of Alcohol and Drug Abuse Patient Records -- continue to be obstacles to widespread HIE," the group says. "In addition, varying federal and state laws regarding patient data ownership and consent are also a function of the affiliation and location of organizations seeking to share healthcare information."

In its letter, CHIME writes that it "calls on Congress to lead an open dialogue to help states align privacy and consent policies that enable cross-border exchange of health information in a secure manner. This should include re-examining certain provisions of HIPAA."

The Senate finance committee did not respond to Information Security Media Group's request for comment on the letters it received from stakeholders, and what it plans to do with the responses.

Previous
Industry News: IBM Acquires Lighthouse Security Group
Next
LabMD Seeks Sanctions Against FTC

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.