On the table, for instance, was the right of patients to have some degree of control over their de-identified data. The HIPAA rules are set up to not only permit use of such data, but to actually encourage its use, noted Marcy Wilder, a privacy and information management attorney at the law firm Hogan Lovells. However, if there is a way to recover the data, it cannot be considered de-identifiable.
There was general agreement that everyone routinely benefits from de-identified data in many ways they’re not aware of, such as disease surveillance.
But even so, the interests of the individual in regards to his or her de-identified data still must be addressed, said Mark Rothstein, chair of law and medicine at the University of Louisville School of Medicine. And the issue is autonomy, he said. “It’s my information and I should decide who uses it.”
Another looming issue is that health privacy laws have not caught up with technological advances, and that will affect policies governing disclosure of health information. Frank Pasquale, a professor of health care regulation and enforcement at Seton Hall Law School, noted that the emerging use of metadata--tagged data elements that can give instructions on how the data is to be used--could give consumers granular control over their health information. Certain types of data, for instance, could be tagged as not to be shared without patient consent.
The Office of the National Coordinator for Health Information Technology is funding a metadata tagging pilot project, but the market isn’t ready for uniform application, said Joy Pritts, chief privacy officer at ONC. “It is something we are looking at.” The impetus for bringing metadata to health care came from a December 2010 recommendation from the President’s Council of Advisors on Science and Technology.
For your consideration: Proposed Stage 2 rule calls for limited use of metadata
But Pritts also reminded the audience that many patients want their providers to have access to their information and “are pretty mad” when they learn that providers haven’t seen important information.
Because of technology advances in information technology, the Federal Communications Commission, which has traditionally focused on cracking down on misleading claims from companies, is moving toward focusing on unfair trade practices, Pasquale said. For example, implantable medical devices that automatically transmit information will increase the need for stronger privacy protections. “It would be unfair for devices to lock people into reporting.”
