Deven McGraw and Micky Tripathi, leaders of the Health IT Policy Committee’s Tiger Team on privacy and security issues, are seeking quick input from health consumers as the industry prepares to make patient information readily available to the patient and others designated to see it under the EHR meaningful use program. The question: Are there enough safeguards in place when family or friends access the data? Here is a blog they posted on Feb. 3 on the HealthIT.gov Web site:

“The Health IT Policy Committee’s Privacy and Security Tiger Team is considering potential privacy and security policy issues that could arise when a family member, friend or legal designee is given access to patient information through the Certified EHR Technology ‘view/download/transmit’ (V/D/T) capabilities.

“Ideally, we want your comments in time to inform our discussions during a meeting we are convening Feb. 10.

“HIPAA permits covered entities to share identifiable health information relevant to a patient’s care with family members or friends involved in a patient’s care, unless the patient objects. It also requires covered entities to treat a ‘personal representative’ (a person authorized under State or other applicable law to act on behalf of the individual in making healthcare related decisions) the same as they would treat the patient. For example, personal representatives have the same rights of access to medical record information as the patient would have. Because patients can access relevant health care information through V/D/T, the Tiger Team is considering whether there are additional privacy and security policy issues that need to be resolved when family or friends access the data.

“That’s where you come in. To further inform this discussion, the Tiger Team wants broad input on this subject. We offer the following questions to kick off this discussion but we invite comment on any issue related to this topic.

“Personal Representatives:

* “Are there policy issues that need further resolution regarding personal representative access to view/download/transmit accounts?

* “How do health-care providers confirm that an individual is, in fact, a personal representative?

“Friends & Family:

* “How are patients’ friends and family provided with credentialed access to view/download/transmit accounts?

* “Is this access ‘all or nothing,’ or are there more granular options?  If the latter, how does this get accomplished?

“The Tiger Team will continue its discussion of these issues at its next meeting, scheduled for February 10th from 2:00 to 3:30 pm EST. Instructions on how to listen to this meeting are here

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access