Civil liberties group criticizes health information exchanges over privacy

A lack of standards on sharing data could put patient records at risk, according to a report.

By — Posted April 10, 2012

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

A report by the New York Civil Liberties Union examining health information exchanges in the state questioned the legalities of the patient privacy policies in place and criticized the exchanges for not doing enough to protect patients.

The findings are applicable to health information exchanges across the country, the report’s author says, because there are no established best practices for the sharing of data through HIE organizations. New York is often viewed as a leader in such exchanges, as it had some of the first ones in the nation.

Corrine Carey, assistant legislative director of the NYCLU and author of the report, said because information can be uploaded to an HIE without patient consent, the NYCLU and other patient privacy groups have argued that these policies are not consistent with state law, which requires physicians to get consent from a patient before transferring records to a third party. Patients do, however, have to give consent before those files can be accessed by another physician, which makes the policies consistent with the law, according to the New York State Dept. of Health.

The report also criticized the state’s “all-or-nothing” approach to consent, which doesn’t allow for patients to choose what data can be shared or kept private. Carey said a concern about the rule was brought to her attention by the many physicians she spoke with while drafting the report. They were concerned that if all of a patient’s information is made available to every treating physician, each doctor could be held accountable for taking every bit of information into consideration when treating a patient.

“So, for example, if there’s something that they missed on page 1,234, will they be held liable for missing that detail?” Carey asked. “So it’s a case of ‘Be careful what you wish for,’ because on the one hand, it sounds like a good idea to have all of the conceivable information that you need about a patient. But when you actually think about the reality of getting someone’s entire medical record, I’m not so sure how happy physicians are going to be once they see what that capability is going to produce.”

Peter Constantakes, spokesman for the New York State Dept. of Health, said the department “believes that our current policies comply fully with federal and state laws, and that patient information is well protected under the current set of policies, but we are always looking for ways to improve the system.”

Carey said there is nothing stopping physicians from implementing their own best practices when it comes to data exchange. They should explain clearly to patients what it means to be a part of a HIE and what they are consenting to when they grant access to their records.

“Our recommendations for New York are absolutely applicable to every state’s exchanges and, in fact, to the Nationwide Health Information Network,” Carey said.

Constantakes said there is an “ongoing process to review all policies related to the exchange,” and that the NYCLU’s comments and others will be taken into consideration.

The nonprofit New York eHealth Collaborative, which advocates health information exchange, announced on March 29 that it is partnering with the New York State Dept. of Public Health to form a committee to update and create policy measures to protect personal health information.

Until recently, Carey said, “People haven’t been thinking about protecting privacy in the health exchanges, or if they have thought about it, it was very, sort of, initial thoughts and so there wasn’t a developed privacy analysis from a consumer perspective.”

Although there was a dialogue starting at the federal level, New York began implementing its health information exchanges while that dialogue was going on and before policies were agreed upon.

At its Annual Meeting in June 2011, the American Medical Association House of Delegates adopted policy calling on the AMA to study the issue of data usage and privacy and draft model legislation.

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn