Sunday, July 11, 2010

Applying Technology to Privacy

On June 29th, ONC’s HIT Policy Committee’s Privacy & Security Tiger Team hosted a hearing to discuss how technology can be applied to complex and sensitive issues surrounding patient privacy. Several companies discussed how their technology helps consumers deal with privacy and consent issues.

Michael LaRocca representing InterSystems Corporation recognizes that operational tasks that involve collecting consent policies from patients is burdensome and potentially confusing plus when collecting consent information from patients, there is always a need to balance simplicity with functionality.

He explained how InterSystem’s “HealthShare” deals with their secure EHR systems on a regional or national level. To begin with, consumers accessing personal health information have to be verified by HealthShare’s Consent Service. All consent policy definitions are stored in HealthShare’s Consent Registry. When the user queries the HealthShare Consent Service, the Consent Registry returns a single merged version of the consent policies that covers the exchange of all health information.

Michael Stearns M.D. President and CEO of e-MDs, Inc. an EHR and practice management software provider and also serving as President of the Texas e-Health Alliance, a non-profit advocacy body to examine consumer consent policy issues at the state level.

He said, “Today, policies, workflow, and technology issues related to the protection of confidential information are areas of vigorous debate within the healthcare system. Our e-MD EHR system enables the patient to have some ability to decide what information is to be shared but yet additional patient-centric controls are needed”

He described how e-MD’s EHR implements the patient’s consent. To start with, information can be marked as confidential in several areas of the EHR including the Health Summary and Progress Notes sections. Confidential information can also be removed or blocked from view in documents that are exported from the system.

The EHR allows the provider to make components of the health summary confidential and viewable only by certain individuals based on their privileges. Protected information can be marked as private or preselected as confidential during the template development and editing process.

The patient does not have a direct role but can ask the provider to mark certain information as confidential where this information will be blocked out when viewed by someone who does not have the specified privilege.

Today, e-MDs has over 27,000 users in 49 states and U.S. territories and probably impacts over 1,000,000 patients served by their providers. This will increase because right now the private information is not available to external facilities or HIEs.

Robert Shelton CEO of Private Access, an early stage company, is developing a consumer-centric technology platform to enable individuals to create and manage privacy protections for their confidential health information and permit their confidential information to be efficiently located and shared when they consider it beneficial.

Patients set up secure accounts where they establish consents and make their privacy preferences known about some or all of their personal health information. These consents can be given to an individual, to an entity, or to groups of entities.

He told the Committee that his company has invested nearly $8 million in building the first generation of the PrivacyLayer® system. The company is now launching a series of commercial beta releases that began earlier this year with live patient data. On the basis of this work, the company is preparing for a series of later broader commercial releases.