“A recent study in the Journal of the American Informatics Association reports that nearly one in eight patients has withheld information from their healthcare providers due to security concerns. Moreover, most of the respondents were very concerned about the security of their information when it was being shared electronically or by fax. Just last week, advocacy organization Patient Privacy Rights sent a letter to the U.S. Department of Health & Human Services urging the agency to improve privacy protections of patients’ electronic health records, particularly in the cloud and in HIEs.”
But state Health Information Exchanges (HIEs) don’t allow patients to control the disclosure of personal health data. Some state HIEs don’t even ask consent; the HIE collects and shares everyone’s health records and no one can opt-out. Most state HIEs ask patients to grant thousands of strangers—employees of hospitals, doctors, pharmacies, labs, data clearinghouses, and health insurers—complete access to their electronic health records.
When corporations, government, and HIEs prevent patients from controlling who sees personal health data– from prescriptions, to DNA, to diagnoses– millions of people every year avoid or delay treatment, or hide information.
HIEs that open the door to even more hidden uses of health data will drive even more patients to avoid treatment, rather than share information that won’t be private.
Health IT systems that harm millions/year must be fixed. Technology can put us in control of our data, achieve the benefits and innovations we expect, and prevent harms. We have to change US law to require technologies that put patients in control of their electronic health records.