At a recent meeting of the National Health IT Policy Committee, the CEO of a large electronic health records (EHR) corporation said technology for “data segmentation”—which ensures patients control who sees and uses sensitive data—is something “vendors don’t know how to do.” But that simply isn’t true. Vendors do know how to build that kind of technology, in fact it already exists.
At the same meeting, the National Coordinator for Health IT recognized the Department of Veterans Affairs and the Substance Abuse and Mental Health Services Administration for their “demonstration of technology developed for data segmentation and tagging for patient consent management”, but he seemed to forget that millions of people receiving mental health and addiction treatment have been using EHRS with consent and data segmentation technologies for over 12 years. Again, the technology already exists.
- -Technology is NOT the problem—it’s not too hard or too expensive to build or use consent and data segmentation technologies.
- -Data segmentation and consent technologies exist: the oldest example is EHRs used for millions of mental health and addiction treatment records for the past 12 years.
- -All EHRs must be able to “segment” erroneous data to keep it from being disclosed and harming patients—that same technology can be used to “segment” sensitive health data.
- -Data segmentation and consent technologies were demonstrated ‘live’ at the Consumer Choices Technology Hearing in 2010. See a video: http://nmr.rampard.com/hit/20100629/default.html
- -Starting in 2001, HIPAA required data segmentation and consent technology for EHRs that keep “psychotherapy notes” separated from other health data. “Psychotherapy notes” can ONLY be disclosed with patient permission.
- -The 2013 amendments to HIPAA require EHRs to enable other situations where data must be segmented and consent is required. For example:
- -If you pay out-of-pocket for treatment or for a prescription in order to keep your sensitive information private, technology systems must prevent your data from being disclosed to other parties.
- -After the first time you are contacted by hospital fundraisers who saw your health data, you can opt-out and block the fundraisers from future access to your EHR.
The real problem is current technology systems and data exchanges are not built to work the way the public expects them to—they violate Americans’ ethical and legal rights to health information privacy.
The public will discover that today’s health technologies and systems have fatal privacy flaws. The unintended consequence of using flawed technology is millions of people will avoid or delay treatment and hide information to keep their health information private and suffer from bad health outcomes.
US health technology should improve health and outcomes, not cause the health of millions to worsen.
How can the US fix the privacy flaws in health technology systems so EHRs and other health technologies can be trusted?