The American College of Physicians (ACP) has issued a position paper, "Health Information Technology and Privacy," which argues for restrictions on the sharing of patient data, including restrictions on the sale of patient data to third parties. At the same time, the ACP is concerned that physicians not be burdened with excessive regulatory restrictions on uses of patient data that inhibit the sharing of medical data for treatment purposes or blunt the adoption of electronic health record (EHR) technology. In the words of the ACP:
"A balance needs to be achieved between the need for complete, accurate, and available medical records and the requirement that all protected health information be secure and confidential to serve the best interests of the patient."
While the ACP agrees that patients should have the right to know about disclosures of their health information, health care providers should be able to put reasonable constraints on patient rights:
"Providers should be permitted a reasonable period to comply and to charge the patient a fee that is based on the cost of providing the information."
A few months ago, we wrote about California's effort provide patients with an audit history of modifications and deletions, as well as access, to their medical records. The growing initiative to provide patients with an audit history of access to their health information, spearheaded by HHS and several states, will provide a challenge to health care compliance and privacy officers already taxed to keep up with violations of patient privacy.
To cope with the emerging reporting challenges, and to minimize provider workload and costs, health care providers can turn to a new generation of data analytics applications that import raw data from the conventional EHR systems and analyze patient record transactions in ways not previously possible. These new SaaS-based analytical intelligence solutions provide health care compliance and privacy personnel the ability to easily adapt to new reporting requirements imposed by changing regulatory requirements without diverting IT personnel to installation, configuration, and custom development of site-deployed software.
Download a white paper on medical records privacy breach detection as a service. Learn about a service that proactively identifies unauthorized breaches of patient privacy, even by authorized users - with no hardware and no on-site software.
Sources:(a) Health Information Technology and Privacy - American College of Physicians, July 2011
Want updates on patient privacy issues? Subscribe to our newsfeed and follow us on Twitter (@Veriphyr)!