Patients seek strong say in how their data are used
■ A study finds that blanket consent for access to records is not preferred. Patients want to know who accesses every piece of data.
A study in the September-October issue of Annals of Family Medicine shows that even patients who are generally comfortable with their data being shared electronically want to be in control of how that information is shared.
Researchers from Weill Cornell Medical College in New York surveyed 170 patients from the Hudson Valley in New York. They found that 78% wish they could explicitly approve the sharing of all types of information, and most prefer restricting information by clinician (83%), visit (81%) or information type (88%) (link). However, two-thirds of those surveyed said they supported the idea of sharing health information.
The Statewide Health Information Network for New York (SHIN-NY) requires patients to opt into having their information shared, and all patients surveyed are covered under that network. All-or-nothing opt-ins do not allow patients to select which information is shared or with whom.
Lead author Rainu Kaushal, MD. MPH, director of the Center for Healthcare Informatics at Weill Cornell Medical College, said the survey shows that patients have a clear preference “to be involved in and notified of communications by their physicians of their medical information, thereby optimizing privacy and security.”
Dr. Kaushal said physicians should have a procedure to tell patients how and with whom they plan to share data. This should happen during direct patient-physician communication at the point of care, she said. It’s more of an issue when a physician practice becomes involved in a community health information exchange, Dr. Kaushal said. With no parameters for how information can be accessed or used, any physician in an HIE could access patients’ records without their permission or knowledge.
The study authors said that as more states and communities launch HIEs, state and federal agencies are involved with identifying common technical standards and privacy policies that developing HIEs should follow.
“Ensuring that HIE standards and policies incorporate consumer preferences and expanding the scope of consumer engagement and education campaigns around an HIE will be key in gaining the public’s trust,” the authors wrote.
The authors said a possible limitation to their survey is that it was conducted in a “fairly homogenous community with a population that may not be generalizable to all health care consumers.” But patient concerns about privacy and security and their desire for better control over how their data are shared have been well documented in numerous studies.
A 2010 random survey of 1,847 adults in The American Journal of Managed Care in December 2011 showed that 70% were very or somewhat concerned about the privacy of health information exchanges. Fifty-two percent said they wanted to choose which physicians and health care organizations access and share their data (link).
A study in the Journal of the American Medical Informatics Assn. in January-February 2010 found that doctors also have concerns. Researchers surveyed 1,043 Massachusetts physicians about their attitudes regarding HIE participation. Overall, they perceived health information exchanges as having positive effects, but 55% said they were somewhat concerned about privacy (link).
Health information exchanges have different models of consent. Although New York has an opt-in approach, other HIEs have opt-out approaches in which patients are automatically included unless they request otherwise. Most of these are all-or-nothing consents.
The New York Civil Liberties Union issued a report in March calling on the statewide HIE to offer patients more control. Corrine Carey, assistant legislative director of the NYCLU and author of the report, said the report stemmed from complaints she heard from physicians. They were concerned that an all-or-nothing approach would result in each treating physician being responsible for every bit of data entered by each physician the patient has seen. The NYCLU said data are uploaded to the exchange regardless of whether a patient opts in. The consent is only for viewing the already uploaded data.
In response to the NYCLU report, the nonprofit New York eHealth Collaborative, which advocates health information exchange, announced March 29 that it will form a committee with the New York State Dept. of Public Health to update and create policy measures to protect personal health information.