The Privacy and Security Tiger Team yesterday began exploring how current technologies can help patients make decisions on consent and access to their electronic health records when more sensitive patient data is involved.
The team, composed of government and private sector healthcare privacy experts, teed up questions related to how to accommodate patients who might want to exercise highly-selective levels of control over electronic versions of their personal health information or portions of that data.
Although the direct exchange of patient data between providers for treatment purposes does not require patient consent beyond what is covered in existing law and fair information practices, some patients may want to exercise more choice in consultation with their providers about how their sensitive data is handled, the experts noted.
"We want to honor patient preferences from the policy perspective and determine if technology supports it," said Deven McGraw, the chair of the tiger team, who is also director of the Health Privacy Project at the Center for Democracy and Technology, at the Aug. 3 meeting.
The group's general mission is to come up with solutions to thorny privacy and security challenges related to health information exchange and make recommendations to the Office of the National Coordinator for Health IT.
Some technologies can enable patients to release parts of their medical record to their providers, but the tools and techniques supporting such piece-meal management of patient data are far from fool-proof, noted Paul Egerman, a software entrepreneur and also co-chair of the tiger team.
For example, a provider can decide to not show certain codes in the exchange of a standard Continuity of Care Document (CCD) that specify a condition or illness that the patient does not want shared, such as a sexually transmitted disease (STD), Egerman said.
However, other codes in the record for test results or medications can still allow others to infer the patient has an STD. "It's leaky," Egerman said. "Downstream inferences are beyond the state of the art."
Dr. David McCallie, vice president for medical informatics at Cerner Corp., said his company provides patients a personal health record (PHR), through which the consumer "has the ability to do additional filtering and express additional constraints." Cerner would do deeper per patient filtering "if the technology were available," he said.
The tiger team suggested ONC create models to determine the feasibility of enabling patients to manage their consent preferences and to follow up with pilots to test it and to stimulate innovation.
