Stakeholders can add two more phrases — directed exchange and meaningful consent — to the health information technology lexicon as they continue to understand the recommendations federal policymakers are considering for the meaningful use rollout.
The privacy and security tiger team of the Health IT Standards Committee presented its final recommendations to the full committee during its Aug. 30 meeting. The privacy suggestions are the culmination of work conducted this summer and led by committee members Deven McGraw, director of the health privacy project at the Center for Democracy & Technology; and Paul Egerman, chairman and CEO of eScription.
Providers who participate in the Electronic Health Record Incentive Program, or EHRIP, which is being managed jointly by the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare & Medicaid Services (CMS), will have to demonstrate secure information exchange. It is one of the criteria for the meaningful use of health IT, and it comes with its own set of privacy, security and technical concerns that adds to the issues already facing providers trying to adopt EHRs in their practices. Policymakers are continuously devising policies and strategies for launching meaningful use so providers can be sure to adopt the right technologies to qualify for the incentives.
Among its security recommendations, the team has created two concepts for information exchange that determine when patients and providers should be able to access personal health information, and what type of PHI. Directed exchange, according to the team, refers to information that goes from one physician to another for treatment purposes. Extra effort to ensure patient permission isn’t required. “There’s an implied consent to exchange that information,” Egerman said.
But in cases where information exchange is broader and is not under the control of the provider, patients should be able to exercise meaningful consent, the team suggests. Patients might need time to consider the release of their data and discuss what it means with their physicians, McGraw said. “You need to provide a greater amount of education.”
The work forms the base of more privacy and security research that will be conducted this fall as policymakers begin to think beyond Stage 1 of meaningful use, which starts next year.