Presentation is loading. Please wait.

Presentation is loading. Please wait.

Health Data Flows: Where PETs Can Help PORTIA Workshop on Sensitive Data July 8, 2004 Anna Slomovic, PhD Electronic Privacy Information Center.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Health Data Flows: Where PETs Can Help PORTIA Workshop on Sensitive Data July 8, 2004 Anna Slomovic, PhD Electronic Privacy Information Center."— Presentation transcript:

1 Health Data Flows: Where PETs Can Help PORTIA Workshop on Sensitive Data July 8, 2004 Anna Slomovic, PhD Electronic Privacy Information Center

2 EHRs Promise Great Things Improve quality of care Improve quality of care Reduce duplication Reduce duplication Reduce medical errors Reduce medical errors Provide the right care at the right time and place Provide the right care at the right time and place Increase access to care Increase access to care Reduce administrative burden Reduce administrative burden Improve research and public health Improve research and public health Implication: broader and more frequent access to PHI

3 EHRs Create New Privacy Concerns for Patients Reduced ability to shield sensitive information Reduced ability to shield sensitive information Inability to “leave the past behind” Inability to “leave the past behind” Inability to refuse participation in certain activities, e.g., research? Inability to refuse participation in certain activities, e.g., research? Linking between health information and other information, e.g., welfare Linking between health information and other information, e.g., welfare To maximize patient privacy, the best EHR is highly fragmented with fragments under patient control

4 EHRs Create New Privacy Concerns for Physicians Reduced autonomy in the practice of medicine Reduced autonomy in the practice of medicine Tracking of utilization and compliance with care guidelines Tracking of utilization and compliance with care guidelines “Pay for performance” “Pay for performance” Reduced ability to provide autonomy to patients Reduced ability to provide autonomy to patients To maximize physician privacy, the best EHR allows physicians role-based access

5 Outline Privacy concerns raised by EHRs Privacy concerns raised by EHRs The current data flows The current data flows How PETs can help How PETs can help

6 Existing Regulations Permit Data Flows Without Patient Consent Treatment Treatment Payment Payment Health care operations Health care operations Public health Public health “Required by law” “Required by law” Health system oversight Health system oversight Reporting victims of abuse and neglect Reporting victims of abuse and neglect Law enforcement, judicial and administrative proceedings, specialized government functions Law enforcement, judicial and administrative proceedings, specialized government functions Research (with some restrictions) Research (with some restrictions) Permitted disclosures without patient consent number in the dozens

7 Patients May Not Know What the Terms of “Notice” Mean Health Care Operations Health Care Operations Legal, accounting, auditing services Legal, accounting, auditing services General administration General administration Also Health Care Operations Also Health Care Operations Outcomes evaluation and guidelines development Outcomes evaluation and guidelines development Accreditation of professionals Accreditation of professionals Training of health care and non-health care workers Training of health care and non-health care workers Fundraising for the health care entity Fundraising for the health care entity Data analysis for plan sponsors or customers Data analysis for plan sponsors or customers Detection of “fraud, waste and abuse” Detection of “fraud, waste and abuse”

8 Who Performs “Health Care Operations”? Consultants Consultants Lawyers Lawyers Accountants Accountants Medical transcription companies Medical transcription companies Software development and maintenance contractors Software development and maintenance contractors Medical equipment manufacturers and service companies Medical equipment manufacturers and service companies Pharmacy benefits managers Pharmacy benefits managers Document scanning or data input companies Document scanning or data input companies Offsite records storage companies Document destruction companies Credentialing organizations Accreditation agencies Licensing agencies Medical schools Training companies Banks External fundraising agents Collection agencies Secondary users not regulated by HHS

9 “ Consumers who examine the audit trails of access to their data may be surprised by how many different people and entities access their data. These are not security violations, but routine clinical and business uses of identified clinical data. … [C]onsumers will have to be educated about the realities of how their personal health information is used.” D. J. Brailer et al., Moving Toward Electronic Health Information Exchange: Interim Report on the Santa Barbara County Data Exchange, prepared for the California HealthCare Foundation, July 2003 “[T]he very benefit of regional information exchange arises from physician adoption, and if physicians are reticent to participate in something that might be used against them (or simply fear that it could be used against them), then this benefit of physician practice evaluation may have to be foregone for the foreseeable future.”

10 Outline Privacy concerns raised by EHRs Privacy concerns raised by EHRs The current data flows The current data flows How PETs can help How PETs can help

11 We Need to Return to Basic Questions Should all health care providers have access to all PHI? Should all health care providers have access to all PHI? Should secondary users have access to PHI without patient or physician consent? Should secondary users have access to PHI without patient or physician consent? How can EHR systems be built to provide greater control to patients and physicians? How can EHR systems be built to provide greater control to patients and physicians?

12 PETs As Part of the Answer Fully identified records provided only for whose who need identity to do the job Fully identified records provided only for whose who need identity to do the job Pseudonymity (protecting patients from curiosity, e.g., in labs or pharmacies) Pseudonymity (protecting patients from curiosity, e.g., in labs or pharmacies) Group signatures (protecting physician identity in patient interactions; protecting patient identity in some interactions) Group signatures (protecting physician identity in patient interactions; protecting patient identity in some interactions) Complete records only when needed Complete records only when needed Secret sharing (record fragmented until necessary, e.g., in emergency, with patient consent) Secret sharing (record fragmented until necessary, e.g., in emergency, with patient consent) Selective disclosure (disclosing medications without disclosing diagnosis or physician name) Selective disclosure (disclosing medications without disclosing diagnosis or physician name)

13 PETs As Part of the Answer, Cont’d Secondary users work with de-identified information Secondary users work with de-identified information Private information retrieval (looking for types of cases without disclosing links between identity and case) Private information retrieval (looking for types of cases without disclosing links between identity and case) Research Research Disease and bioterrorism surveillance Disease and bioterrorism surveillance Clinical guidelines development and improvement Clinical guidelines development and improvement Privacy-preserving datamining (looking for patterns without sharing information) Privacy-preserving datamining (looking for patterns without sharing information) Research Research Quality of care analysis Quality of care analysis Fraud detection Fraud detection

14 System Can Be Built With More Control for Data Subjects Menu of pre-set choices in EHR Menu of pre-set choices in EHR Who and when can access records without further consent Who and when can access records without further consent Contact information to obtain consent outside pre-set parameters Contact information to obtain consent outside pre-set parameters “Expiration” of one-time past episodes of care “Expiration” of one-time past episodes of care

15 “ Most interviewees were willing to allow the use of their information for research purposes, although the majority preferred that consent was sought first. The seeking of consent was considered an important element of respect for the individual. Most interviewees made little distinction between identifiable and anonymised data.” Willison, Donald J; Keshavjee, et. al, “Patients' consent preferences for research uses of information in electronic medical records: Interview and survey data,” British Medical Journal (International Edition), February 15, 2003.

Download ppt "Health Data Flows: Where PETs Can Help PORTIA Workshop on Sensitive Data July 8, 2004 Anna Slomovic, PhD Electronic Privacy Information Center."

Similar presentations

H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
Health Information Privacy and Confidentiality Lawrence O. Gostin, J.D., LL.D. (Hon.) Professor of Law, Georgetown University; Professor of Public Health,

Health Information Privacy and Confidentiality Lawrence O. Gostin, J.D., LL.D. (Hon.) Professor of Law, Georgetown University; Professor of Public Health,
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
North Carolina State University Health Information Privacy 4/16/03.

North Carolina State University Health Information Privacy 4/16/03.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
Copyright 2006 Rubin Law Firm, LLC Drafting HIPAA Compliant Subpoenas & Discovery Presented by:RACHEL B. RUBIN Kansas Bar Association Annual Meeting June.

Copyright 2006 Rubin Law Firm, LLC Drafting HIPAA Compliant Subpoenas & Discovery Presented by:RACHEL B. RUBIN Kansas Bar Association Annual Meeting June.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
HIPAA THE PRIVACY RULE Reviewed December 2012 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-

HIPAA THE PRIVACY RULE Reviewed December HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti-
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA)
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

Similar presentations

Ads by Google