Home » Blogs » Meaningful Use

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

One person’s “research” may be another’s invasion of privacy

October 31, 2011 | Jeff Rowe, Contributing Writer

Related Resources

When the topic of protecting patient data comes up, the discussion usually concerns how best to protect information from being stolen or inappropriately accessed. But that’s the easy part of the privacy debate.

The more complicated part comes when the topic of “research” comes up. After all, a big part of the allure of HIT is that digitized health information will be more readily available for doctors, patients, and researchers alike. From there, the thinking goes, it can be used in the effort to improve healthcare quality and efficiency.

But where does the line fall between a patient’s right to privacy and an as yet ill-defined “obligation to contribute” to ongoing research efforts?

That, to our eyes, is the question lying just beneath the surface of the recent effort by policymakers to develop effective guidelines for when and how patient health data can be used by researchers.

As this article sums it up, “The federal Health IT Policy committee has recommended that the Department of Health and Human Services (HHS) not require patient consent for the use of electronic health record (EHR) data in research on improving the delivery of healthcare services. At the same time, however, the federal advisory body urged HHS to require healthcare organizations to follow ‘fair information practices’ designed to protect patient privacy.”

That recommendation comes on the heels of HHS’ recently proposed rules, which suggested “that patient consent should be required for any secondary use of patient-identifiable EHR data in healthcare services research.”

To the HIT Policy committee, that’s a bit too restrictive. One member of the Tiger Team, the subcommittee charged with looking at security and privacy issues, said “it would be counterproductive to require the same type of patient consent for the use of EHR data in health services research that is required in clinical trials.”

That’s an interesting comment, in that it suggests there’s an obvious difference between “health services research” and clinical trials. We’re not saying there isn’t a difference, but it seems reasonable to suspect that even when it comes to efforts to improve their own physician’s services, some patients just might not want to have their health information involved.

Are policymakers saying those folks don’t have a right to say “No”?

 

Related Topics:

Reader Comments (1)Login to Post a Comment

BethJones says: Managing Patient Privacy
October 31, 2011 | 4:39PM GMT

Thanks for the great article! The most important thing to ask yourself when working with an EHR is -- do you know your vendors patient privacy policy and process? Once patient data leaves your facility it is in the hnads of your vendors! Best practices for healthcare provdiers and vendors include encrypting data that is moving through a network, encrypting data that resides in a database, and encrypting data when it is created, updated, stored, or deleted.