EHR Access: The Great DebateAre Healthcare Organizations Prepared to Respond to Perceived Demand?
But let's be practical here. Do patients really want to know the identity of every doctor, nurse, technician, intern, specialist, admin and consulting physician who ever viewed their records? I mean, is there a pent-up demand for this type of disclosure now? And are healthcare facilities prepared to provide the system and personnel support necessary to provide this information on-demand? Can your organization afford this expense?
Are healthcare facilities prepared to provide the system and personnel support necessary to provide this information on-demand?
There's a good debate to be had here, and executive editor Howard Anderson has attempted to foster it by bringing together a pair of thought-leaders with some divergent points of view.
In a unique podcast interview, Access Reports: Is Revamp Inevitable?, Howard speaks with Adam Greene, formerly of the Department of Health and Human Services' Office for Civil Rights, as well as Dan Rode of the American Health Information Management Association. Greene says the benefits of providing consumers with an all-encompassing list of everyone who has accessed their records may be outweighed by the substantial burden involved in providing such lists. Rode, meanwhile, contends that hospitals and clinics lack the ability to easily combine and analyze access log information from the dozens of information systems that house patient information.
Listen to this interview, please, to hear where the two men agree and disagree. Then make up your own mind - and be sure to read some of the comments from organizations that took advantage of the Aug. 1 deadline to submit feedback.
In other news of note, it seems the big breaches keep getting bigger. Remember Health Net Inc., the insurer that revealed a massive breach said to impact 2 million people nationwide - 124,000 of those in Oregon? Well, this week comes word that maybe this breach was under-reported, perhaps affecting as many as 130,000 Oregonians.
The breach, which was discovered Jan. 21, stemmed from missing server drives at a data center managed by IBM. Personal information affected included names, addresses, social security numbers and health and financial information.
In a recent apology to customers, James Woys, Health Net's chief operating officer, said, "We have recently discovered that there was an error in the data analysis and your SSN was included on the unaccounted for drivers ... We sincerely apologize for this mistake."
Also in the headlines, the Office of the National Coordinator for Health IT has issued an advance notice of proposed rulemaking, seeking public comment on metadata standards to support nationwide electronic health information exchange.
In short, these metadata standards would include three criteria: patient identity [name, data of birth, address, zip code and patient identifier], provenance [the source of the data] and privacy preferences. After the 45-day comment period, ONC will decide whether to require the use of metadata in certain circumstances for stage two of the HITECH Act EHR incentive program.
Finally, a reminder: There is still time to participate in our first-ever State of Healthcare Information Security Today survey. We've received scores of responses so far, and a sneak peek at the early returns shows insider threats, such as records snooping and ID theft, are perceived to be the most significant security threats to healthcare organizations.
What are your top threats, and how are you addressing them? Share your ideas by taking our survey.