Dec 8, 2018
The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have required modifications to HIPAA to be made to improve patients’ access to their health information, make health data more moveable, and to better safeguard health data in the app ecosystem.
At a Wednesday, December 5, 2018, Capitol Hill briefing gathering, named “Unlocking Patient Data – Pulling the Linchpin of Data Exchange and Patient Empowerment,” leaders from AMIA and AHIMA met other industry specialists in a conversation about the effect federal policies are having on the capability of patients to access and use their health information.
Presently, users have access to their private information and add and use that information to reserve travel, find out about rates of goods and facilities from different suppliers, and carry out analyses and comparisons. However, while several industries have upgraded access to consumer information, the healthcare industry is out of date and has so far failed to apply a comparable, patient-centric system.
“Congress has long spotlighted patients’ right to access their data as the main lever to upgrade care, enable research, and authorize patients to live healthy lives,” said AMIA President and CEO Douglas B. Fridsma. “But legislating these plans into rules and translating these rules to practice has proven more difficult than Congress supposed.”
AHIMA CEO Wylecia Wiggs Harris said, “AHIMA’s members are most conscious of patient challenges in retrieving their data as they operationalize the process for access across the healthcare landscape… the language in HIPAA obscures these efforts in an electronic world.”
The P in HIPAA does represent portability, however, patients are still trying to get their health data in a practical form that lets them share that information with other units. Health data must be moveable, as is the case with other kinds of consumer information. Modifications to HIPAA law will assist the healthcare sector to catch up with other industries.
Modifications to HIPAA Needed to Support Access and Movability of Health Data
Both AMIA and AHIMA propose HIPAA needs to be upgraded to improve patient access to health data and two alternatives were proposed. One alternative is the establishment of a new term – “Health Data Set” – that includes all data concerning a patient that is held by a HIPAA-covered unit or business associate, including clinical, biomedical, and claims information.
On the other hand, the definition of a Designated Record Set that is presently used in HIPAA law might be updated and for qualified health IT to be needed to provide that data set in electronic shape and in a way that lets patients use and reuse their data.
Both alternatives would serve as a solution to the problem – The former would back a patient’s entitlement to access their health data and also back the growth of the ONC’s certification program in the future to let patients see, download, and electronically transfer their health data to third parties through an Application programming interface (API). The update to existing record set definition would assist to clarify laws for both suppliers and patients.
HIPAA Right of Access Must be Extended
AMIA and AHIMA also back the extension of the HIPAA individual right of access and alteration to units that are not protected by HIPAA but administer individual health data: Units such as companies that develop mHealth apps and health social media applications.
Similar data is generated, saved, and transferred by HIPAA-protected and non-HIPAA-protected units, however, data access policies differ for both groups. There must be greater consistency of data access, irrespective of what kind of unit gathers and saves health data.
AMIA and AHIMA also propose federal watchdogs must explain existing guidance related to third-party legal requests. “Health Information management (HIM) experts carry on to struggle with the present Office for Civil Rights guidance that enables third-party lawyers to request a patient’s PHI,” clarified AHIMA’s Wylecia Wiggs Harris. “AHIMA members increasingly face cases in which a lawyer forwards a request for PHI on behalf of the patient but lacks the information needed to certify the identity of the patient. As a consequence, the HIM expert is challenged as to whether to treat it as a permission or patient access request, which has HIPAA enforcement repercussions.”