- As more healthcare organizations offer increased options for patient data access, it is crucial that health data security measures do not become an afterthought. HIPAA regulations allow for patients to access their own health data, but there are still crucial privacy and security considerations that must be adhered to.
The American Medical Informatics Association (AMIA) and OpenNotes announced earlier this week that they are collaborating to improve how patients are able to access their clinical notes.
“The evidence-base is clear: providing patients access to their physician’s notes improves physician-patient communication and trust, patient safety, and perhaps even patient outcomes,” said AMIA Board Chair and Medical Director of IT Services at the University of Washington’s UW Medicine Thomas Payne, MD, FACP, FACMI. “AMIA is delighted to support OpenNotes towards its goal of making online access to notes the standard of care.”
OpenNotes is a movement and not just a technology, which wants to ease how providers “share visit notes with patients online, through secure, patient portals.” It is important for patients, families, and caregivers to feel as if they are in control of care decisions, according to a joint AMIA and OpenNotes statement.
AMIA President and CEO Douglas H. Fridsma, MD, PhD, FACP, FACMI explained at AMIA’s 2017 Annual Symposium that this is the direction in which healthcare should be heading. Consumer and personal health informatics needs to continue to advance forward.
AMIA developed six Policy Principles and Positions in 2016 and 2017 that centered on the idea that patients should be empowered to access and have control of their own personal health information.
“AMIA’s commitment to involving patients, families, and caregivers in work to improve health care is terrific,” OpenNotes Executive Director Catherine M. DesRoches, DrPH, said in a statement. “We look forward to working even more closely with an organization that believes health record transparency is a remarkably powerful way to effect change.”
Other organizations have been working to ensure that patients and providers understand the patient data access process, and that PHI security is maintained.
AHIMA released a new form in July 2017 that is designed to do exactly that, and aims to streamline the access process while maintaining HIPAA compliance.
AHIMA Director of HIM Practice Excellence Lesley Kadlec told HealthITSecurity.com in a previous interview that AHIMA wants to align consumers with their health information, but that patients might not always have a proper understanding of all of their rights under HIPAA regulations.
“Consumer engagement and making sure that consumers understand their right to access their health information is really something that we've been focusing on,” Kadlec said. “We wanted to enable our members and health care organizations at large to be able to have a tool that would help them make sure that their patients are having easy access to their medical records.”
The AHIMA form is meant to be a template, and organizations can modify the form to their own specific contact information.
“We wanted to make sure that we had an easy tool that anyone could use to allow the patient to have that access or to give that access to their designated personal representative,” Kadlec explained.
“This is just a suggested model form,” Kadlec continued. “We know that some organizations may have their own forms, and we certainly support that. But we wanted this form to be made available to those organizations who did not have an easy plain language form for patients to use to get that access to their information.”
Organizations must find the right balance between maintaining patient PHI security and allowing information to flow freely, according to the HIPAA Privacy Rule. That balance will “provide and promote high quality health care and to protect the public's health and well being,” HHS states on its website.