OVERVIEW
advertisement
OVERVIEW Creation of State Legislation to Protect and Facilitate Use and Exchange of Electronic Health Information • Background—Health Information Exchange in New Mexico and HISPC Project—Privacy Barriers • Focus on Privacy y Legislation g • Methods and Key Tasks • Key Provisions of NM Draft Legislation • Introduction and Fate of Privacy Bill • Results and Next Steps • Conclusions Shelley Carter, RN, MCRP, MPH1, Maggie Gunter, PhD1, Bob Mayer2, Randy McDonald, JD1, Kathy England1 Academy Health Public Health Systems Washington, DC June 7, 2008 1Lovelace 2New Clinic Foundation · Albuquerque, New Mexico Mexico Department of Health - Santa Fe, New Mexico 1 2 “Changing conceptions of the medical record and increasing automation – are important forces behind the Commission’s conviction that now is the proper time to establish privacy protection safeguards for medical records that will enhance the integrity, and thus the efficacy, of the medical-care relationship” 3 Report of The Privacy Protection Study Commission - July, 1977 The Privacy Act of 1974 created the Privacy Protection Study Commission. Its charter was to study privacy issues and recommend future legislation. Concerns with privacy of medical information are not new. 4 Background • Why New Health Privacy Legislation? • Our research showed that New Mexico’s health information protection laws had problems: Creation of NMHIC The New Mexico Health Information Collaborative (NMHIC) was created in late 2004 with funding from AHRQ and community organizations • – Objective: creation of a health information exchange network for the state to provide cross-organization data to providers at point of care and eventually to patients – Privacy concerns from the outset—but HIPAA appeared to allow data sharing across organizations for purposes of treatment, payment, and operations without patient authorization. fragmented and dated addressed only paper-format records enacted prior to the adoption of the HIPAA Regulations were more restrictive than HIPAA in some cases put both EHR and health information exchange development at possible legal risk, as well as providers – did not consider potential positive impact of health information technology on patient care Health Information Security and Privacy Collaborative (HISPC) Project. AHRQ provided new funding (2006) through RTI – – 5 – – – – – Objectives: to identify and create solutions for key privacy and security barriers to electronic health information exchange posed by business practices and state laws NM selected health information privacy legislation as its implementation focus • Proposed solution: passage of comprehensive new health information legislation to address issues and supersede all previous laws 6 1 Methods and Key Tasks Goal of Proposed NM Legislation • Research health information laws in all 50 states • Initial meetings with privacy experts • Draft legislation • Identify legislative sponsors • Engage stakeholders in the review of legislation • Introduce legislation titled “New Mexico Electronic Health Information Act” during the 2008 Legislative Session Draft legislation in NM that authorizes the use of electronic h lth records health d (EHR (EHRs)) and d ffacilitates ilit t the operation of the health information exchange (HIE) while protecting patient privacy 7 8 Stakeholder Views Differ: New Mexico’s Draft Legislation • Struggle for balance between needs of privacy advocates and needs of provider organizations • Patient consent required for provider to access data from outside providers, even for treatment (more restrictive than HIPAA) Patient Privacy Advocates -• Legislation should require substantial safeguards protecting privacy/security of health information • Central to the legislation is an individual’s right to determine access by others (providers/institutions) to their health information • Benefits of EHRs and HIE need to be balanced against possible harm • “Break the Glass” situations must be clearly defined • “Opt In” is the preferred method of inclusion (proactive patient consent or data NOT shared) 9 10 Views from the Healthcare Industry The Real Adventure Begins: NM Legislative Session—Jan. 08 • HIPAA Regulations should be “ceiling” • More restrictive consent will be burdensome, expensive, and unnecessary to protect patient data and privacy • More restrictive regulations will undermine and delay implementation and benefits of EHRs and health information exchange 11 • NM Electronic Health Information Act introduced as part of Governor’s universal coverage reform package • Three components – Legal authorization of EHRs – Develop plan to set dates to require electronic claims, EHRs, and health information exchange – Privacy requirements for EHRs and HIE 12 2 All Aspects Controversial Results and Next Steps • EHR Authorization: MD legislator: ”I never use medical records—a waste of time. We should carry our health records on a 3” by 5” card, as they do in Nepal.” • Resistance to an unfunded mandate for EHRs • Republicans opposed to Governor’s health reform f proposal—so l also l opposed d this hi bill • Privacy controversy (a gulf): – ACLU wanted stronger privacy protections and penalties – Payors and health systems: no stronger than HIPAA 13 • EHR legislation turned down by Senate • Identify and educate key legislators as champions • EHR bill will be reintroduced (possible revisions) – 2009 Legislative Session 14 Conclusions • Resolving privacy and security issues is essential to building a viable state or national HIE network • Key aspect: designing and passing state privacy legislation addressing patient consent, user authentication, and authorization • Such legislation will provide the legal foundation for both EHRs and HIEs • Significant step toward legal interoperability needed for information sharing among states Albuquerque Balloon Fiesta October 3 - 12, 2008 Lovelace Clinic Foundation · Albuquerque, NM Shelley@ LCFresearch.org 15 16 3
