I spoke recently with Dr. Thomas Jones, chairman of the Health Record Bank's Principles Committee, who will be presenting at the Healthcare and Information Management Systems Society annual conference in February in Orlando, Fla.
His topic, "Assuring Privacy of Healthcare Information in HIE," couldn't be more timely. Sure there have been significant, ongoing discussions about the privacy and security of EHRs and health information exchange, especially since the passage of the HITECH Act and the final rule for the Stage 1 meaningful use criteria was released.
Any time a high-profile data breach hits the news, the issue of patient privacy and security of electronic records becomes an even hotter topic.
Jones says there are two polar camps in which one side says if there are any compromises in privacy computerizing health records is not worth it and the other side says that some compromises shouldn't take away from the huge benefits of EHRs.
We shouldn't assume that there will be compromises, Jones insisted. Not if the right system is put into place. He advocates a health record bank system in which personal health records are deployed and not EHRs or EMRs.
In this model, the information flows from the healthcare provider to the patient, who is then in control of his or her information and determines who else can see the data. Patients opt in to participate in the system, which eliminates having to burden them with patient consent alerts every time his or her record is accessed.
There is no physician to physician or physician to hospital information flow. The patient is the center.
I asked about patients potentially withholding sensitive medical information that a treating physician would need to know in an emergency. Jones said that patients can deposit care information into an emergency access account, which is explicitly explained to them. The patient authorizes users and the system audits and notifies the patient who has accessed their data.
By having the patient at the center of information flow, patient privacy is preserved.
"Patient privacy can be absolutely preserved in a digital healthcare information environment," Jones said.
