Friday, June 25, 2010

State considering eHealth privacy policy that defaults everyone into the system

A DPH state planning committee announced that they are recommending a privacy policy for state health information exchange that would default consumers into the system unless they affirmatively opt-out. The process to opt-out, or even how consumers would be informed of their rights, is unclear. The recommendation also requires providers – hospitals and doctor’s offices – to remove any sensitive information from files shared on the exchange and to accept liability for anything that is missed. This would require scouring medical records for any reference to a drug or a doctor’s note that signals any HIV/AIDS, mental health or substance abuse issues, which state law prohibits sharing without affirmative patient consent. The committee, which includes no consumer representatives, held a public forum Wednesday evening to discuss the policy and the larger strategic plan that was not well publicized or well attended. DPH is taking comments on their plan which is to be submitted to the federal Office of National Coordinator in September.
Last year after a thoughtful public process, eHealthCT, a nonprofit group, developed an opt-in privacy policy for a Medicaid pilot health information exchange scheduled to begin operation next month. Every patient will have to affirmatively consent to sharing their information on the pilot exchange. Other states with opt-in polices find that the vast majority of patients give their consent. All our neighboring states have adopted opt-in policies. The eHealthCT privacy committee developed our policy after convening a diverse group of providers, technology and legal experts and consumer groups. We held forums at the capitol, collected input online, and created a consensus policy with wide support.
If you would like to submit comments on the state’s plans, email Meg.Hooper@ct.gov.
Ellen Andrews