Health Data in the Information Age Use, Disclosure, and Privacy (1994) / Chapter Skim
Currently Skimming:
Summary
Summary
Pages 1-26
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 1... ...
Health Data in the Information Age: Use, Disclosure, and Privacy advances recommendations related to the public disclosure of quality-ofcare information and the protection of the confidentiality of personal health information. The emergence of health database organizations whether through national health reform, state legislative initiatives, commercial ventures, or local business, medical, and hospital association coalitions provides the impetus to explore how such assembled patient-level health care information can be used appropriately.
|
From page 2... ...
The interests that have prompted such action cover a broad range: the need to control business costs attributable to health benefits, the desire to use technological and computer applications to decrease administrative costs of processing insurance claims, the wish of experienced health services researchers to exploit the potential of health databases to evaluate and improve health care, the responsibility of community leaders to plan expansion and contraction of health care facilities and services across the nation, and the need to transmit medical history information for an increasingly mobile population. Coincident with these interests are the greatly enhanced electronic capabilities for data management in many aspects of daily life.
|
From page 3... ...
The committee uses health database organization (HDO) to refer to entities that have access to (and possibly control of)
|
From page 4... ...
Consequently, those who establish health databases and HDOs may be creating something for which the end uses cannot always be anticipated. Large databases such as those maintained by HDOs will be dynamic; in the committee's view, policies regarding access to those databases should, therefore, be based on firm principles that are flexible enough to accommodate unavoidable changes and unanticipated uses.
|
From page 5... ...
The committee was particularly interested in linked databases that have, at a minimum, two specific characteristics: (1) their linking involves movement of health data outside the care setting in which they have been generated and (2)
|
From page 6... ...
Throughout its discussions, the committee focused on regional databases those that pertain to a defined population of individuals living in, or receiving health care in, some specifiable geographic area. Far-thinking experts envision a time when regional entities will be linked across the nation, even if their governance and operations remain close to home; this creates the very long-range view of a national health data repository (operated by either a single organization or a consortium of regional or state entities)
|
From page 7... ...
BOX S- I COMMITTEE RECOMMENDATIONS RECOMMENDATION 2.1 ACCURACY AND COMPLETENESS To address these issues, the committee recommends that health database organizations take responsibility for assuring data quality on an ongoing basis and, in particular, take affirmative steps to ensure: (1) the completeness and accuracy of the data in the databases for which they are responsible and (2)
|
From page 8... ...
RECOMMENDATION 3.4 ADVOCACY OF DATA RELEASE: PROMOTING WIDE APPLICATIONS OF HEAETH-RELATED DATA To foster the presumed benefits of widespread applications of HDO data, the committee recommends that health database organizations should release non-person-identifiable data upon request to other entities once those data are in analyzable form. This policy should include release to any organization that meets the following criteria: · It has a public mission statement indicating that promoting public health or the release of information to the public is a major goal.
|
From page 9... ...
RECOMMENDATION 4.2 DATA PROTECTION UNITS The committee recommends that health database organizations establish a responsible administrative unit or board to promulgate and implement information policies concerning the acquisition and dissemination of information and establish whatever administrative mechanism is required to implement these policies. Such an administrative unit or board should: promulgate and implement policies concerning data protection and analyses based on such data; · develop and implement policies that protect the confidentiality of all person-identifiable information, consistent with other policies of the organization and relevant state and federal law; .
|
From page 10... ...
Otherwise, the committee recommends that health database organizations not authorize access to, or release of, information on individuals with or without informed consent.
|
From page 11... ...
Key Factors in Public Disclosure Public disclosure is acceptable only when it (1) involves information and analytic results that come from studies that have been well conducted, (2)
|
From page 12... ...
More specifically, the committee recommends that HDOs regularly produce and publish results of providerspecific evaluations of costs, quality, and effectiveness of care (Recommendation 3.1~. The subjects of such analyses should include hospitals, health maintenance organizations, and other capitated systems; fee-for-service group practices of all sorts; physicians, dentists, podiatrists, nurse-practitioners, or other independent practitioners; long-term-care facilities; and other health providers on whom the HDOs maintain reliable and valid information.
|
From page 13... ...
To enhance the fairness and minimize the risk of unintended harm from the publication of evaluative studies that identify individual providers, the committee recommends that each HDO should adhere to two principles as a standard procedure prior to publication: (1) to make available to and upon request supply to institutions, practitioners, or providers identified in an analysis all data required to perform an independent analysis, and to do so with reasonable time for such analysis prior to public release of the HDO results; and (2)
|
From page 14... ...
One has to do with primary health records, however they are created and maintained, and the other involves health records stored electronically. The increasing complexity of health care and the involvement of greater numbers of individuals in health care delivery has resulted in ever more people accessing the health record to deliver and document care.
|
From page 15... ...
Existing ethical, legal, and other approaches to protecting confidentiality and privacy of personal health data offer some confidentiality safeguards, but major gaps and limitations remain. The committee's recommendations are intended to strengthen current protections for confidentiality and privacy of health-related data, particularly for information acquired by HDOs.
|
From page 16... ...
Examples include mandatory reporting of communicable diseases and gunshot wounds. Physicians and other health professionals may also be required to divulge personal health information under legal "compulsory process," which may take the form of subpoenas or discovery requests enforced by court order.
|
From page 17... ...
Such redisclosure practices represent a yawning gap in confidentiality protection. As a practical matter, policing redisclosure of one's personal health information is difficult and may be impossible.
|
From page 18... ...
Last, enforcing rights through litigation is costly, and money damages may not provide adequate redress for the harm done by the improper disclo sure. i Security In the context of health record information, confidentiality implies controlled access to and protection against unauthorized access to, modification of, or destruction of health data.
|
From page 19... ...
Its use is for all practical purposes unconstrained, and this makes the risk of commingling health data with all other forms of personal data and an individual's actions extremely high. Major privacy risks arise when medical information is used in decisions unrelated to health care, such as employment, promotion, and eligibility for insurance or other benefits.
|
From page 20... ...
exempt health database organizations from public health reporting laws and compulsory process with respect to person-identifiable health data except for compulsory process initiated by record subjects (Recommendation 4.1~.
|
From page 21... ...
Thus, the committee sees the route of federal legislation as one more mechanism for addressing this problem for all computer-based systems that deal with health data. Data Protection Units HDOs will need clear and enforceable, written organizational policies and procedures in several areas: informing patients of their rights regarding their own data; protecting medical information and materials; ensuring the accuracy of data; and verifying compliance with their policies.
|
From page 22... ...
promulgate and implement policies concerning data protection and analyses based on such data; . develop and implement policies that protect the confidentiality of all person-identifiable information, consistent with other policies of the organization and relevant state and federal law; · develop and disseminate educational materials for the general public that will describe in understandable terms the analyses and their interpretation of the rights and responsibilities of individuals and the protections accorded their data by the organization; develop and implement security practices in the manual and automated data processing and storage systems of the organization; and .
|
From page 23... ...
situations, but only with the informed consent of the patient. Otherwise, the committee recommends that health database organizations not authorize access to, or release of, person-identifiable information with or without informed consent (Recommendation 4.3~.
|
From page 24... ...
As discussed earlier, consent might be given electronically and might be time limited. Finally, the committee recommends above that HDOs not authorize access to or release of health information on individuals with or without the informed consent of the individual in any situation or to any requester other than those stated above.
|
From page 25... ...
. The committee acknowledges the danger and inappropriateness of these practices and regarded them as sufficiently worrisome that it recommends that employers not be permitted to require receipt of an individual's data from a health database organization as a condition of employment or for the receipt of benefits (Recommendation 4.41.
|
From page 26... ...
ad HDOs, governmen1 agencies, and public- and privale-seclor institutions must implement caraway planned strategies for Heiress and privacy protection and educate the public, health care providers, policymakers, and patients about these protections. This Sport is intended to be an early step in that educational and public policy-making process.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.