Providers: Expect patients to start asserting their privacy rights

Tools

Those of us who use, develop, sell, write about and otherwise deal with electronic health records live in an arcane world.  We know what the terms Meaningful Use, ICD-10, iEHR and protected health information mean. We debate details that the general populace, for the most part, is not familiar with. 

I'm not sure if this is a good thing.

For instance, most people at this point have at least a vague idea that HIPAA increases patient privacy, and have been handed a Notice of Privacy Practices (even if they haven't read it). A lot of people have received letters notifying them of instances in which laptop computers containing their records have been stolen, and have been offered free credit monitoring.  

But do they really understand the consumer rights that HIPAA affords them? I have read dozens of articles about HIPAA and the new rule, but they've all been from within the industry. Mainstream media hasn't given this as much attention. 

As a result, many consumers don't really know how they can take advantage of HIPAA. They don't realize that they can take an active role in how their personal data is used and assert their privacy rights.

Take a look at the right for an accounting for disclosures. As I understand it, even though this right has been on the books since 1996, very few patients have asked for an accounting. Some providers have had no such requests.

Or, take the right to access and amend the medical record; how many patients have asked to do that?

Or, how about the right to authorize and revoke authorization for use of patient information for marketing and fundraising? I've never been handed an authorization form. For all I know, my information is being used this way and I don't even know about it.  

But this won't stay under wraps forever. Stages 2 and 3 of the Meaningful Use program place an emphasis on patient engagement. As patients begin to interact more with providers regarding their records, they almost certainly will start raising questions and becoming more aware of their privacy rights.

And when word actually gets out, the increased burden on healthcare organizations--especially EHR users--could be significant.   

Take the new provision that allows a patient to keep treatment hidden from an insurer. I think that this could be one of the most popular privacy right patients use. But it will be burdensome to flag and segregate that treatment from the rest of the medical record. With copy and paste usage, or upon sharing of the record with a specialist, it's very possible that the restricted information inadvertently could end up in the hands of an insurer, say, during a routine audit.

Accounting for disclosures could prove equally as burdensome. The HITECH Act expanded this right when it comes to accountings of electronic records. Once the final rule implementing this provision is released and publicized, providers may see the demand for these rise significantly, since it sounds relatively easy to implement. Sure, an EHR audit trail can capture the information, but it will take time and effort to compile it.

I hope that healthcare organizations are giving this some thought and preparing for these anticipated demands. Frankly, I'm surprised that we haven't seen more patients asserting these rights already. - Marla (@MarlaHirsch)