Related Resources
- Reporting Minimal Risk When Healthcare Data Exposure Occurs
- Six Ways to Protect Patient Safety
- Disruptive Innovation: The Key to Empowering Patients, Transforming the Healthcare System
- Cloud Security Myths and Strategies Uncovered
- Case Study: Sentara Healthcare Completes an Award-Winning EHR with Enterprise Content Management
NEW YORK – Forty-six organizations have showed their support for the Markle Foundation’s recommendations for privacy and security practices for the “blue button,” which would allow patients to have instant access to their healthcare records.
“By clicking the blue button, you could get your own health information electronically – things like summaries of doctor visits, medications you are currently taking, or test results. Being able to have your own electronic copies and share them as you need to with your doctors is a first step in truly enabling people to engage in their healthcare,” said Carol Diamond, MD, MPH, managing director at Markle.
The private not-for-profit organization based in New York, released a policy paper on Tuesday that called on the U.S. Department of Health and Human Services to make patients' access to their records a priority in all health IT efforts, including:
- Specifying the download capability as an allowable means for providers to deliver electronic copies of health information to individual patients consistent with the policy and technology recommendations of the Markle Connecting for Health Common Framework.
- Making the download capability and our policy recommendations a requirement of qualified health IT so that providers using qualified systems will have this capability.
- Making the download capability a core requirement for federal- and state-sponsored health IT grants and projects.
Markle Connecting for Health has developed a set of privacy and security practices to guide implementers. This new policy guidance builds on the Markle Connecting for Health Common Framework for Networked Personal Health Information – a set of policies and practices that provide a foundation for all health IT tools directed at consumers.
The paper details privacy policies and practices for implementing the download capability with sound authentication and security safeguards and suggests practices to help individuals make informed choices about downloading their information such as:
- Providing a clear, concise explanation of the download function and its most fundamental implications for the individual.
- Providing prominent links that enable individuals to view more details about the download process, including what basic security precautions to take on their own, how the service answers questions, and who to contact if they believe some of the downloaded information is in error.
- Obtaining independent confirmation that the individual wants to download a copy of personal health information after presenting information about its sensitivity and who might see it.
The Markle Foundation also makes recommendations regarding making records available to the right person (and the right machines). Including the following protections:
- Deploying separate pathways for download requests from the individual, and download requests via automated processes acting on the individual’s behalf.
- On human-accessible download pages, deploying an effective means to determine whether a real person is requesting the download.
- Keeping a record of download events in immutable audit logs.
- Considering enabling individuals to set up automated notifications for each time their information is downloaded.
- Including source and time stamps for data entries in the information downloads.
“We recommend specific privacy policies to help individuals make informed choices about downloading their personal health information, and to emphasize sound authentication and security practices,” said Josh Lemieux, director of personal health technology at Markle. “By supporting this set of policies, a wide range of leaders commit to practices that encourage individual access to information in a way that respects privacy and security.”
The Markle Foundation’s paper is being released as Medicare and the U.S. Veterans Administration (VA) prepare to implement a blue button this fall that will, for the first time, allow beneficiaries to electronically download their claims or medical information in a common format from the My Medicare.gov and My HealtheVet secure websites.
President Obama announced the blue button for veterans in an Aug. 3 address:
“For the first time ever, veterans will be able to go to the VA website, click a simple blue button and download or print your personal health records so you have them when you need them, and can share them with your doctors outside of the VA,” the President said.
“People see a lot of different healthcare providers over time, so giving them a convenient option to securely assemble their health information from multiple sources will help them better manage and coordinate their own care,” said Christine Bechtel, vice president of the National Partnership for Women & Families, and a member of the federal Health IT Policy Committee. “This capability is one of the simplest and most direct ways of helping patients and families see the benefits of the federal health IT investments that they, as taxpayers, have helped fund.”
Click on the next page for a list of 46 organizations that supported the Markle Foundation.
