HIPAA is designed to give patients control of their own medical data -- who can see it, who can access it, and who can use it, especially with regards to third parties. But when it comes to physicians themselves, the status quo is patients being expected to fully disclose, so doctors have all the information they might need to treat them. A new study is challenging that paradigm.
The study comes out of The Regenstrief Institute, Indiana University School of Medicine and Eskenazi Health, published as a five-part special supplement to the Journal of General Internal Medicine, and it shows that patients for the most part want controls of their data. Using Eskenazi Health's in-house electronic record system, researchers gave 105 patients the option to block sensitive information, including information on sexually transmitted diseases, substance abuse or mental health, from their care providers. Doctors could still gain access to the data if they deemed it medically essential by hitting a "break the glass" button in the back-end interface.
"To the best of our knowledge, a trial like ours has never been attempted before, and we believe it presents an opportunity to shape national policy based on evidence," Regenstrief President and CEO William Tierney, MD, principal investigator of the project, said in a statement. "We learned that patients have widely different opinions of what kinds of their health care data they would like visible to different members of their health care team and others, such as health services researchers, who might have access to information in their electronic medical record."
Researchers found that nearly half of patients elected to hide some information from their doctors. Even more patients than that appreciated having the option, although doctors were less enthusiastic. Some felt the arrangement was fine as long as patients acknowledged the potential risks of doctors not having information needed for optimal treatment.
"Without an understanding of how medicine is practiced, a patient may not appreciate why access to their health information is needed by medical team members other than their physician or nurse, for example, a specialist or a clinical lab or unit clerk," Tierney said in a statement. "While understandably concerned about privacy, they may not realize how important it is for their medical team to have access to the complete medical record. For example, an emergency room doctor or primary care doctor needs to know everything about the patient, even sensitive issues such as recreational drug use or pregnancies or sexually transmitted infections."
The Office of the National Coordinator for Health IT supported the research with a $1.6 million grant.
"It is important for patients to have confidence in how clinicians and others use their sensitive health information, ONC privacy chief Lucia Savage said in a statement. "Patient-centered decision making in electronic health information exchange can inspire trust in health IT and the papers in the journal, along with the Regenstrief study, give us new insights on these issues.”