Tiger Team aims to remove HIE barriers
March 13, 2013 in Medical Technology
The day before the ONC’s privacy and security subcommittee met to discuss policy recommendations for health information exchange query and response issues, Epic Systems CEO and subcommittee member Judy Faulkner got an email from a doctor in Madison, Wisconsin.
“I have a patient who moved to Chicago,” the doctor said, as Faulkner recounted at the subcommittee Tuesday. “She needs a bladder biopsy at Northwestern, which as you know is on Epic. She wanted me to look at the records, but I couldn’t unless she came to Madison and signed a release.”
That’s the protocol Northwestern Memorial Hospital has been using, not necessarily the norm. “Everybody can set it up in different ways,” Faulkner said.
Creating policy recommendations for HIE data query and response that reduces “real or perceived barriers,” without being overly prescriptive, is the privacy and security “Tiger Team” subcommittee’s task at hand in the coming months.
[See also: ONC panel seeks input on patient credentialing.]
As HIE query and responses become increasingly automated, one of the main questions is whether providers’ digital data exchange policies will follow the precedent of paper and manual information sharing.
In instances where the provider does not have control of the data, the subcommittee had previously recommended that patients have the ability to decide the fate of their information.
But as co-chair and eScription founder Paul Egerman asked: “If you have a system where there’s an automated query and an automatic response, does that mean that the record holder has control or do they not have control, and does our previous recommendation of meaningful consent apply?”
Faulkner then wondered, “Are we setting up a situation where by definition automated means they don’t have control?”
“Well, that’s the question,” Egerman said.
Previously, the subcommittee recommended three scenarios necessitating meaningful patient consent: when a centralized HIO makes information available to other parties, when a federated HIO controls access to individual patient data, and when information is aggregated outside of a provider or “organized healthcare arrangement.”
Both Faulkner and David McCallie, MD, VP of medical informatics at Cerner, were wondering if the issue could be solved by an algorithmic response “that just automates the decision process that exists today,” as McCallie put it.
If providers program automated queries and responses to match their health information management department policies for releasing data manually, Egerman asked, how does that affect the subcommittee’s goals?
“I would actually argue that we may have gotten it close to right in the straw response,” said Deven McGraw, the subcommittee chair and director of health privacy at the Center for Democracy Technology.