Tracking Who Accesses Data Via HIEsPilot Tests Enabling Patients to See Who Requests Records
A federally-funded pilot project is testing a mechanism to report to patients the third-party requests made for their protected health information via health information exchanges using Nationwide Health Information Network standards, says Staggs, chief technology officer at Jericho Systems. Jericho is partnering with The University of Texas at Austin and others on the project.
The Privacy with Dynamic Patient Reviews pilot, which kicked off in April and is slated to wrap up by year's end, is a project of the Office of the National Coordinator for Health IT's Standards & Interoperability Framework.
"As the financial consequences of medical ID theft are better understood ... and the loss of privacy is better understood ... healthcare consumers will demand a review of who asked for their healthcare information that's as simple to read as their credit card statements. This pilot is a step toward that," Staggs says in an interview with Information Security Media Group.
By spotting requests for records from healthcare providers they do not recognize, patients are potentially better able to recognize medical ID theft than "machine learning algorithms," he points out. Also, in the absence of a national patient identifier, patients themselves are more likely to catch errors involving mismatched patient information in their records if they are able to review the requests made for their PHI, he says.
"The central goal is to add transparency to the exchange of PHI," Staggs says. "We should all have an way to easily find out when someone has made a request for PHI from a healthcare provider."
The pilot will also test "granular patient consent" beyond the simpler, and most common, opt-in or opt-out authorizations for data sharing, Staggs says. This granular consent could allow only portions of records to be shared or withheld from data exchange based on the patient's instructions, he says.
In the interview, Staggs also discusses
- The technology, best practices, and standards being used for the pilot;
- How the project will address current gaps between patient consent and the health information that gets exchanged;
- How the project fits into standards for nationwide health information exchange.
Staggs, CTO at Jericho Systems, is a computer architect and patent attorney with 30 years of experience in engineering information systems, defining business requirements and developing security standards. Before joining Jericho, Staggs managed a team supporting the Nationwide Health Information Network [NwHIN]/ Virtual Lifetime Electronic Health Record project sponsored by the Veterans Health Administration of the Department of Veterans Affairs. Staggs has also written eight technical standards.