The ONC's Health IT Policy Committee's Privacy and Security Tiger Team is calling for public comment on privacy and policy concerns surrounding patients giving access to their health information.
Led by committee Chair Deven McGraw the panel is asking for input prior to their next meeting, slated for Feb. 10 at 2 p.m.
As, they noted in the ONC blog, written by McGraw and Micky Tripathi, co-chair of the Tiger Team and president and CEO of the Massachusetts eHealth Collaborative, HIPAA permits covered entities to share identifiable health information relevant to a patient's care with family members or friends involved in a patient's care, unless the patient objects. It also requires covered entities to treat a "personal representative" the same as they would treat the patient.
[See also: HIPAA security gaffe puts PHI on Google.]
Because patients can access relevant healthcare information through view/download/transmit, the Tiger Team is considering whether there are additional privacy and security policy issues that need to be resolved when family or friends access the data.
Among the questions, the Tiger Team will tackle:
- Are there policy issues that need further resolution regarding personal representative access to view/download/transmit accounts?
- How do healthcare providers confirm that an individual is, in fact, a personal representative?
- How are patients' friends and family provided with credentialed access to view/download/transmit accounts?
- Is this access "all or nothing," or are there more granular options? If the latter, how does this get accomplished?
[See also: Company needs patient OK to sell PHI.]
