Privacy panel advocates encryption for simple HIE

By Mary Mosquera
Monday, May 24, 2010

Healthcare providers should encrypt patient information when they share it with another provider, even in a direct exchange of personal health information or data that is not facilitated by a health information exchange or other third-party organization.

The recommendation for guarding patient information privacy in a simple health information exchange was made by the privacy and security workgroup of the Health IT Policy Committee at a May 19 policy committee meeting.

In recent weeks the workgroup has been wrestling with determining at what point in a health information exchange it becomes necessary for providers to obtain consumer consent to approve an exchange transaction.

The workgroup took the perspective of what a “reasonable patient would expect,” said Deven McGraw, the panel’s co-chair, at the May 19 policy committee meeting. McGraw is also director of the Health Privacy Project at the Center for Democracy and Technology.

The panel proposed that policies for encryption, limits on identifiable information in a message header and verification of the identification of the sending and receiving providers should govern one-to-one exchanges.

Encryption, which makes information unreadable until the intended recipient unlocks it, should be required, especially when the potential exists for transmitted data to be exposed, according to the recommendations.

Meaningful use or certification criteria or a modification of the Health Insurance Portability and Accountability Act (HIPAA) security rule could include that requirement, McGraw said.

“If strong policies, such as the above, are in place and enforced, we don’t think this scenario needs any additional individual consent beyond what is already required by current law,” said McGraw.

Providers must conduct simple direct exchanges of health information as part of the first stage requirements for meaningful use of electronic health records in order to qualify for financial incentives in 2011. Some providers might require a third party, such as a directory service, to assist even in a simple one-to-one exchange.

More complex health information exchanges or other models of exchange, such as a state health information exchange, may require stronger policies, including patient consent, McGraw said.
