Skip to content

Protecting Patient Privacy in EHRs

Medical processes — from intake to discharge and billing — benefit from both information-gathering and information-sharing. The industry is getting better and better at proliferating patient information where it is needed in order to assure proper assessment, treatment, and billing. And, as many of you know, The U.S. Department of Health and Human Services (HHS) recently proposed a new rule to support seamless and secure access, exchange, and use of electronic health information (EHI).

However, as we’ve noted before, with great power comes great responsibility. The information in a patient’s electronic health record (EHR) is immensely valuable and not something that you want to hide from health practitioners, of course. For example, young adults seeking reproductive health services have privacy rights that must be respected and the inability to truly hide sensitive information has led many organizations to shut down or limit their patient portals.

And, as reported at AAP News:

Older adults increasingly are granting portal proxy access to family members to assist with care management, but may not feel comfortable sharing their full medical histories with their proxies.

The AAP News article explores some possible steps and solutions, including industry standards like Consolidated Clinical Document Architecture (C-CDA) used in the summary of care record and transmission of documents and specific data (i.e., problems, medications, allergies and immunizations) between EHRs. The article goes on to note that The Office of the National Coordinator of Health Information Technology has proposed new rules earlier this year that would encourage use of an additional standard called Data Segmentation for Privacy (DS4P).

HealthItGov offers some great information on proposed EHI guidelines, as well as an array of fact sheets explaining information blocking exceptions.

Relating to payments and insurance reimbursements, HIPAA compliance (data confidentiality) has greater risk exposure via the printed paper itself. However, once an EOB/EOP or correspondence letter is scanned, it can be destroyed and accessible only online. Another benefit of this approach is that it also takes the results of the AI-based data extraction from OrboAccess and feeds this data into business intelligence technologies that observe important privacy protections to customer data.


This blog contains forward-looking statements. For more information, click here.

Archives

Categories