Report Outlines HIE Privacy Challenges

Patient Record Matching, State Privacy Rules Among Hurdles

By , March 26, 2014.
Report Outlines HIE Privacy Challenges

Matching patients to all the right electronic records and complying with privacy rules that differ from state to state are among the toughest ongoing challenges that health information exchanges face, according to a new Government Accountability Office report.

See Also: Automate and Standardize your IAM to Radically Reduce Risk

The GAO report is based on interviews with providers and other stakeholders in four states with ongoing HIE efforts. Those interviewed said key challenges include "issues related to insufficient standards, concerns about how privacy rules can vary among states, difficulties in matching patients to their records, and costs associated with exchange," the report notes.

Linda Kohn, director of healthcare at the GAO, tells Information Security Media Group, "We interviewed providers and other stakeholders in Georgia, North Carolina, Minnesota and Massachusetts, and that generally happened during the summer months of 2013."

Two units of the Department of Health and Human Services - the Centers for Medicare and Medicaid Services and the Office of the National Coordinator for Health Information Technology - have several ongoing programs and initiatives to help address some aspects of these key challenges, the report notes. "But concerns in these areas continue to exist."

For example, several providers told GAO that they have difficulty exchanging certain types of health information due to insufficient health data standards.

Exchange Across State Lines

"In terms of the variation in privacy rules across states, some providers reported to us that the lack of clarity in the rules adds to the difficulty in exchanging information with providers in other states," Kohn says.

The complexities of differing state privacy rules most frequently come up with patients who live on the border of states, such as in the Tri-state area of New York, New Jersey and Connecticut, says David Whitlinger, executive director of New York eHealth Collaborative, which oversees a statewide health information exchange efforts.

Although there are challenges that make data exchange difficult on a regional basis, HHS still envisions nationwide health information exchange, as called for under the HITECH Act .

In a recent speech, Karen DeSalvo, M.D., the new head of ONC, argued that health information exchange on a national level is attainable within the next three years, but matching patients to all the right records is a critical data security, privacy and patient safety concern that must first be addressed (See: ONC's DeSalvo on Patient IDs and HIEs).

"A technology challenge [for health information exchange] is patient matching ... making sure data flows in a smart way," DeSalvo said. "There's a need to sort out where data is coming from, and where it's moving. As doctors integrate data, patient matching is very important."

The issue of ensuring that all the correct data from multiple sources about the correct patient reaches the right clinician at the right time "is about safety as much as it is security," she added.

To help address the issue of matching patients to all the right records, ONC last fall launched a patient ID collaborative initiative (see Patient Data Matching: Best Practices). "The goals of the initiative are to improve patient matching based on an assessment of current approaches used by selected stakeholders; identify key attributes and algorithms for matching patients to their records; and define processes or best practices to support the identified key attributes," the GAO report notes.

The first phase of the ONC initiative was completed with the release of a report containing patient matching recommendations for possible inclusion in Stage 3 of the HITECH Act electronic health record incentive program and the 2015 edition of the standards and certification criteria, notes the report (see: Ways to Improve Patient ID Matching).

GAO Recommendations

Follow Marianne Kolbasuk McGee on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Industry News: Sophos Acquires Mojave Networks

Leading this week's industry news roundup, Sophos acquires Mojave Networks to help strengthen its...

Latest Tweets and Mentions

ARTICLE Industry News: Sophos Acquires Mojave Networks

Leading this week's industry news roundup, Sophos acquires Mojave Networks to help strengthen its...

The ISMG Network