Patient Privacy, Consent, and Identity Management in Health Information Exchange

Patient Privacy, Consent, and Identity Management in Health Information Exchange: Issues for the Military Health System

Susan D. Hosek
Susan G. Straus
Copyright Date: 2013
Published by: RAND Corporation
Pages: 102
  • Cite this Item
  • Book Info
    Patient Privacy, Consent, and Identity Management in Health Information Exchange
    Book Description:

    As a step toward improving its health information technology (IT) interoperability, the Military Health System is seeking to develop a research roadmap to better coordinate health IT research efforts, address IT capability gaps, and reduce programmatic risk for its enterprise projects. This report identifies gaps in research, policy, and practice involving patient privacy, consent, and identity management that need to be addressed to improve the quality and efficiency of care through health information exchange.

    eISBN: 978-0-8330-7799-8
    Subjects: Health Sciences

Table of Contents

  1. Front Matter
    (pp. i-ii)
  2. Preface
    (pp. iii-iv)
  3. Table of Contents
    (pp. v-vi)
  4. Figure
    (pp. vii-viii)
  5. Tables
    (pp. ix-x)
  6. Summary
    (pp. xi-xviii)
  7. Acknowledgements
    (pp. xix-xx)
  8. Abbreviations
    (pp. xxi-xxiv)
  9. CHAPTER ONE Introduction and Background
    (pp. 1-18)

    The Military Health System (MHS) and the Veterans Health Administration (VHA) have been among the nation’s leaders in health information technology (IT). They have been leaders in the development of health IT systems and electronic health records (EHRs) that summarize patients’ care from multiple providers.¹ Since the Gulf War and during the conflicts in Iraq and Afghanistan, there has been renewed interest in the coordination of health care activities in the Department of Defense (DoD) and Department of Veterans Affairs (VA), including the sharing of capabilities to improve health care cost effectiveness, to better understand combat-related health risks, and to...

  10. CHAPTER TWO Privacy of Individual Health Information
    (pp. 19-30)

    The shift from paper medical records to electronic records raises new concerns about privacy. Access to paper records for individual patients is limited to authorized personnel at the treating provider organization, including providers, clinical support staff, and administrative personnel. The same personnel may also access individual patients’ electronic records. However, unlike paper records, electronic records can be disclosed in very large numbers, for example, through inadvertent loss or theft of computer storage devices. As more protected health information (PHI) is made available to networks of providers, the business associates of providers, and for secondary uses such as research and marketing,...

  11. CHAPTER THREE Patient Consent for Health Information Exchange
    (pp. 31-50)

    As noted in Chapter Two, electronic HIE heightens concerns about the privacy of patient health information. Recording and transmitting patient information electronically make it very easy to request and send patient health information, and exchange models involving transmission of PHI among third parties, such as HIOs, increase risks of disclosure and misuse (McGraw and Egerman, 2010). Patient consent or authorization for HIE is central to the issue of privacy, yet there is often ambiguity and controversy about the meaning of consent and mechanisms for obtaining it. For example, responses to requests for public comment on the proposed HIPAA rule revealed...

  12. CHAPTER FOUR Patient Identity Management
    (pp. 51-66)

    PHI is linked to individual patients through a number of identifiers, such as name, address, email address, phone number, a unique patient identifying number (e.g., Social Security number [SSN] or a number maintained for use only in health care), health plan or other account number, birthdate, and personal characteristics such as gender. Identifiers link information to the individual patient when the information is stored or retrieved by a single provider with a health IT system and/or exchanged across systems by providers treating the same patient. Non-unique, out-of-date, or incorrect identifiers can cause two types of errors:

    false negatives: failure to...

  13. CHAPTER FIVE Conclusions and Recommendations
    (pp. 67-72)

    Successful HIE depends on critical mass. Without widespread adoption of EHRs and the supporting infrastructure, HIE cannot be successful. Although DoD has been at the forefront of health IT adoption, uptake among civilian providers in the United States has been relatively slow and uneven—as evident most recently in revisions and extensions to meaningful use criteria and in the general lack of success in RHIOs. To achieve nationwide implementation of VLER for all beneficiaries, including military family members, the primary challenges for the MHS to address pertain to data exchange with civilian providers.

    Below we review gaps in research, policy,...

  14. References
    (pp. 73-78)