HIEs choose different approaches to privacy
A recent virtual roundtable hosted by Symantec on health information exchanges (HIEs) highlighted the different approaches states are taking to protect patient health information.
Oregon is blessed with having a culture for well-documented public processes and embracing the planning process, according to Carol Robinson, State Health IT Coordinator for Oregon State Health Information Technology Oversight Council or HITOC. The state also enjoys a high rate of EHR adoption, with more than 65 percent of providers with some sort of electronic system in their offices, she said.
Oregon will submit its strategic and operational plans to the Office of the National Coordinator in August. The state will take a phased approach to implementation, with Phase 1 focused on the development of the rules of the road for local and regional HIEs. Meanwhile, its workgroups are meeting to flesh out more specialized issues according to their expertise. Robinson said some of the determinations being made are choosing which centralized services will be of value to the state and analyzing gaps for a statewide HIE.
New York State, on the other hand, is mature in its statewide efforts for an HIE. It has 12 independently operated regional health information organizations (RHIOs), which are all involved in state efforts to provide feedback on policy and state guidance for the sharing of data across RHIOs, said Stephen Allen, director of operations for HealtheLink, the Western New York Clinical Information Exchange.
"Privacy and security is a huge thing here in New York," he said. While there are state-level privacy and security rules, the state is giving each HIE and RHIO the option of how to implement it, such as practice or group-level consent versus region-wide consent for all HIE participants. Ultimately, stakeholders are trying to ensure that consent is captured and communicated effectively, he said.
Meanwhile, Texas has decided to put the consumer at the table, said Manfred Sternberg, Chair of the Texas Health Services Authority Board. Operating on the notion that the masses aren't trusting of government, the state has created a public-private partnership to develop the statewide HIE.
Texas is in the early stages of development, but Sternberg said his preference is to push for an opt-in model and a health record bank system, both of which would give more consumer empowerment over the privacy and security of their data by allowing them to determine who sees what data.
The RHIOs in New York State have differing privacy models. HealtheLink uses an opt-in model with a positive informed consent, which 95 percent of patients have signed thus far when presented with the form, said Allen.
The percentage of denials is higher in specialties than with primary care physician offices and hospitals, he said. Overall, Allen said he's pleased with the high percentage of patients granting consent, thanks to a lot of community outreach and education, including press coverage, media and community events.