As activists sued the state of Rhode Island over privacy provisions in a new health information exchange, a similar exchange being designed in Connecticut is also considering the implications of privacy requirements.
A key component of federal health care reform, health information exchanges offer the promise of making patient information easily accessible by doctors and insurance carriers, erasing some of the costs of health care spawned by administrative duplication, medical errors and other problems.
At the same time, health information exchanges have some worried that individuals”™ private health information could be exposed ”“ despite the Health Information Technology for Economic and Clinical Health (HITECH) Act that stiffens security requirements on health data. The American Civil Liberties Union last month sued Rhode Island”™s Currentcare health information exchange, with the ACLU arguing sufficient safeguards are not in place to stop data breaches.
The Connecticut Department of Public Health last month released a 90-page strategic plan for creating and safeguarding a health information exchange in the state even as a Rocky Hill-based organization called eHealthConnecticut received a $5.7 million federal grant in April to establish a community-based Health Information Technology Regional Extension Center.
The center is focusing first on offering assistance to 3,000 primary care physicians in Connecticut, before expanding its efforts to others.
In New York City, the New York eHealth Collaborative is likewise working on standardized consent policies and procedures for consumers participating in health IT systems.
The Connecticut Department of Public Health committee is considering the implementation of a hybrid model for patient consent that enforces opt-out for all data with the exception of most sensitive data or specially protected patient information. Patient consent for sensitive data will enforce opt-in, requiring a written consent of the individual to protect the confidentiality of specially protected information, including sexually transmitted diseases, HIV/AIDS test results, viral hepatitis, genetics and mental health and developmental disabilities.
Ellen Andrews, executive director of the Connecticut Health Policy Project, termed it a “grave mistake” to allow an opt-out component to the system.
“It is critical that every consumer who shares information in the exchange has made an informed decision,” Andrews said, testifying on the health information exchange last month. “If public trust in the integrity of the system is eroded, even before implementation, resulting in low participation by either consumers or providers, the system will be useless. Even one case of a breach of information about a consumer who did not affirmatively agree to share their information, and surrounding publicity and legal challenges, could bring the entire system to a halt.”
Last month, the Office of the National Coordinator for Health Information Technology established a temporary certification program for electronic health record (EHR) technology, an important step establishing a baseline for organizations to qualify for future incentives.
“Hospitals will be able to make EHR purchasing decisions knowing that the technology will allow them to become meaningful users of electronic health records (and) qualify for the payment incentives,” David Blumenthal, national coordinator for health information technology, said in a statement. “We hope that all (health IT) stakeholders view this rule as the federal government”™s commitment to reduce uncertainty in the health IT marketplace and advance the successful implementation of EHR incentive programs.”
In a survey of 120 hospital chief information officers published last month by PricewaterhouseCoopers, eight of 10 CIOs voiced concern they will not be able to demonstrate “meaningful use” of electronic health records ”“ a necessary step to obtaining federal grants for installing systems at their hospitals, as much as $44,000 per physician.
