The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have requested for adjustments to be made to HIPAA in order to enhance the access to health information of patients, make health data more portable, and to increase security of the health data in the app ecosystem.
At a Capitol Hill briefing session held on Wednesday, 5th December 2018, titled “Unlocking Patient Data – Pulling the Linchpin of Data Exchange and Patient Empowerment,” leaders from AMIA and AHIMA were joined by other industry experts in a discussion about the impact federal policies are having on patients’ ability to access and use their own health information.
Consumers currently have access to their personal information and use this information to find out about products and services prices from various providers, to book travel and to conduct reviews and comparisons. However, while many industries have improved access to consumer information, the healthcare industry falling behind. So far, it has failed to implement a comparable, patient-centric system.
“Congress has long prioritized patients’ right to access their data as a key lever to improve care, enable research, and empower patients to live healthy lifestyles,” claims Douglas B. Fridsma, AMIA President and CEO. “But enacting these policies into regulations and translating these regulations to practice has proven more difficult than Congress imagined.”
CEO of AHIMA, Wylecia Wiggs Harris said, “AHIMA’s members are most aware of patient challenges in accessing their data as they operationalize the process for access across the healthcare landscape… the language in HIPAA complicates these efforts in an electronic world.”
Currently, patients are still struggling to obtain their health data in a way that allows them to share that information with other entities. Compared with other types of consumer information, health data just doesn’t have the same portability. Adjustments to HIPAA legislation will allow the healthcare sector catch up other industries, and indeed with the times.
Altercations to HIPAA Necessary in order to Support Access and Portability of Health Data
AMIA and AHIMA both believe HIPAA needs to be modernized to improve patient access to health data.
Two measures were suggested by the associations to achieve this:
- the establishment of “Health Data Set”, a new term that incorporates all data about a patient that is held by a HIPAA-covered entity or business associate. This includes clinical, biomedical, and claims information.
- An updated definition of a Designated Record Set that is currently used in HIPAA legislation. Also, for certified health IT to be required to provide that data set in electronic form and in a way that allows patients to use and reuse their data simply.
These two options would both help solve the problem at hand. The first solution would support the right of the patient to access their health data. As well as this, it would support the development of the ONC’s certification programme in the future which would allow patients to download and electronically transmit their health data to third parties through an Application programming interface (API). The second solution, an update to current definition of a record set, would help to clear up the rules for both providers and patients.
Right of Access Extension for HIPAA
The AMIA and AHIMA also believe that the HIPAA right of access should be extended entailing there should be an amendment to entities that are not covered by HIPAA but manage individual health data. This includes entities such as companies that develop mHealth apps and social media health applications.
The reason for this is that similar data is created, stored, and transmitted by HIPAA-covered and non-HIPAA-covered entities, yet data access policies differ for both groups. Regardless of what type of entity collects and stores health data, there should be a more uniform method of data access.
There was also a suggestion from AMIA and AHIMA stating that federal regulators should clarify current guidance related to third-party legal requests. “Health Information management (HIM) professionals continue to struggle with the existing Office for Civil Rights guidance that enables third-party attorneys to request a patient’s PHI,” noted AHIMA’s Wylecia Wiggs Harris. “AHIMA members increasingly face instances in which an attorney forwards a request for PHI on behalf of the patient but lacks the information required to validate the identity of the patient. As a result, the HIM professional is challenged as to whether to treat it as an authorization or patient access request, which has HIPAA enforcement implications.”