The HIMSS Electronic Health Record Association (EHRA) responded earlier this week to Senate Finance Committee members Ron Wyden and Chuck Grassley’s request for comment in June on balancing health data availability and patient privacy.
The EHRA, which is composed of 40 member companies serving the majority of hospitals and ambulatory practices using EHRs, discussed the fast-growing nature of EHR adoption and the role that meaningful use has played in widespread implementation. But it used an addendum letter to answer specific questions, including those relating to patient data privacy and security such as patient record matching. According to EHRA, the U.S. needs a consistent nationwide patient data matching strategy, but must consider privacy and security as well.
At the moment, governance and ownership policies in compliance with state and federal laws for PHI privacy and security for providers using EHRs appears to be less of a problem than health information exchanges (HIEs).
Secure HIE that protects patients’ privacy rights and honors their wishes and directives is at the core of implementing broad data sharing among providers, payers, patients, and other stakeholders. It is widely recognized that the inconsistencies in various state and federal privacy laws as they pertain to sensitive health information, such as that protected under 42 CFR Part 2 (Confidentiality of Alcohol and Drug Abuse Patient Records), continue to be obstacles to widespread HIE. . . Harmonization of state privacy laws is essential, therefore, in order to deliver a mechanism that provides a nationwide, privacy-focused legal framework for access and disclosure of sensitive PHI based on patient-directed consent.
Inconsistent data transmission laws among states and the government can certainly be confusing for healthcare providers trying to participate in HIEs, so implementing a national patient data matching strategy appears to be sound advice from the EHRA.
Read the entire letter here.