Confidentality and Information

The health care community must have access to medical records information in order to provide better, less expensive, and more cost effective care to patients while at the same time protecting the confidentiality of medical information.
Medical records information crosses state lines as patients relocate and as health care organizations and insurers expand from one state to another. State laws are not consistent and, in some cases, non-existent. Some would agrue that the state and fede ral laws are insufficient to ensure confidentiality in an environment of advanced information technology.
The goals of managed care for cost-effectiveness and efficient care delivery demand the use of information systems for the purpose of sharing information to providers, insurers, and health care networks. The task at hand is to ensure the confidentiality of medical information as set forth in present and future legislation, to disclose information when necessary in an ethical manner, and to educate the public about its rights with regard to privacy and confidentiality.
This bookmark provides a reference to some of the various WWW sites and documents within some sites that are concerned with the confidentiality of medical information.
There is a vast amount of resources, commentary, publications, and organizations pertaining to health informatics and the confidentiality and privacy issues that health informatics presents.

Documents

CDT's Health Information Privacy Issues Page
The Center for Democracy and Technology (CDT) is a public interest organization whose mission is to "develop and advocate public policies that advance constitutional civil liberties and democratic values in computer and communicatins technologies". I t encourages public interest and participation in the legislative process.
This page within the organization's web site deals specifically with health information privacy issues. References to various pieces of legislation on the subject are outlined and links to commentary and analysis about that legislation is available.
Confidentiality, Patient Rights, and Patient Expectations
This document from Virginia Tech University represents an example of the kind of information that might be given to patients regarding the confidentiality of their medical records. It outlines the conditions under which the information is released an d states that, under some circumstances, a patient's written consent is first obtained. This is a good start in raising patient's awareness about the confidentiality of their medical information. However, as the statement suggests, the confidentiality of the information is only as good as the state and federal laws governing the use and disclosure of such information.
ftp://ftp.loc.gov/pub/thomas/c104/s1360.is.txt
This file was obtained using the Thomas search to government documents. It is a copy of the Medical Records Confidentiality Act of 1995 (S. 1360) enacted by the Senate and House of Representatives.
As set forth, the purpose of the bill is to: 1) establish strong and effective mechanisms to protect the privacy of the people's health care information that is created as a part of the treatment, diagnosis, enrollment, payment, testing, or research proce sses; 2) to promote the efficiency of the health information infrastructure so that members of the health care community may more effectively exchange and transfer information in a manner that will maintain the connfidentiality of personally identifiable health information; and 3) establish remedies for the violation of this Act.
This lengthy piece of legislation provides title provisions that encompass those subject to the Act, individual rights pertaining to health information disclosure, limitations on the use and disclosure of health information, sanctions imposed on violators of the Act, and the relationship of this Act to other (state) laws.
The legal jargon and general nature of legislative literature is difficult at times to read and it has many implications that require much consideration. This site is intersting and vital to the topic of health information sharing and should be used by t hose interested in health care policy to compare with state legislation which is pre-empted by federal law.
http://www.epic.org/pri...cal/EPIC_Principles.txt
The Electronic Privacy Information Center (EPIC) produces literature such as that found in this document that deals with the principles for federal privacy protection of medical records. In this document, EPIC outlines its suggestions for a good medi cal privacy bill. Input from the browser is provided for by an e mail link.
The scope of legislation, patient access, enforcement and oversight, third party access, national databases, research records, security systems, patient identification, and a statement on preemption are the areas mentioned in the document.
The suggestions found here are similar to those of other organizations concerned with privacy legislation with the exception of the preemption statement. this statement suggests that federal law should set a minimum of limitations for medical record priv acy so that the states
can design their own laws that support their individual initiatives. It goes further to suggest that state statutes should not be preempted.
This site is valuable to consumer groups, health care advocacy groups, and those interested in health care policy.
Medical Records Confidentiality
The American College of Healthcare Executives (ACHE) Medical Records Confidentiality page outlines its purpose and provides statements that summarize its position with regard to ethical issues of importance to healthcare administrators.
Presumably, the organization is online since many healthcare executives have access to the internet. In a rapidly evolving managed healthcare system, administrators require readily available references to ethical guidelines as new organizational plans ar e implemented.
According to ACHE, in order for the healthcare organization to meet the demands of managed care contracts, services must be modified and patient’s health information must be efficiently accessible to insurers, caregivers, quality assurance personnel, and others with an interest in the patient’s care and the hospital’s ability to provide services. However, the delivery of high-quality medical care not only demands access to medical records, it also relies upon the confidential nature of the patient-caregi ver relationship.
The ACHE has outlined policy guidelines concerning medical records confidentiality. Not unlike other administrative literature, the policy and guidelines prove to relay its values and acknowledge the need for confidentiality, but provide no direction for organizational planning. This document is interesting in that it provides a reference point by which to compare professional ethical positions regarding health information privacy.
MHDI Ethics and Confidentiality
The Minnesota Health Data Institute (MHDI) site contains a page that describes the principles formulated by the MHDI Committe on Ethics and Confidentiality that guide the access and disclosure of health care data.
The guidelines cover general principles that address discretionary use of health information by specified users, liability of disclosure, internal audits relating to privacy, and public education efforts.
The analysis and data collection sections of the guidelines proscribes the use of patient-identifiable data, limits data to that which is appropriate for the need of disclosure, and provides a mechanism for appeal to content of disclosures.
Access guidelines are provided in the communications network section which are described to be at the discretion of MHDI.
The last statement in this document makes refernce to federal standards. The Institute committs itself to monitoring federal standards and designing a system compatible with those standards. It would be helpful to see some of those standards to see how MHDI stacks up. Overall, it is interesting to read this organization's policy regarding health information access and disclosure as a means to compare it to current legislation. Anyone interested in health policy would be interested in this site.

Sites

AMIA WWW Home Page
The American Medical Informatics Association (AMIA) of Washington, DC has a new web site whose home page links its members and prospective members to information about the Association's meetings, educational events, publications, and projects. An is sue of concern to the Association, as outlined on the home page, is the legislation regarding the privacy of health information. Links to federal legislation and the Association's testimony regarding the Privacy of Information Act are informative and in teresting.
CHMIS HOME PAGE
The Community Health Management Information Systems (CHMIS), has a resource center site whose purpose is to bring together stakeholders such as physicians, hospitals, health plans emloyers, and consumers to help them meet their needs health informatio n sharing within their communities. The resource center was developed with a grant from the John A. Hartford Foundation and is administered by the Foundation for Health Care Quality.
The site provides links to general information about CHMIS and a catalog of documents pertaining to health information issues such as confidentiality and privacy, legislation, etc..
An interesting link allows the browser to go on a tour of the Minnesota Health Data Institute's statewide communications network called MedNet and a tour of the Center for Democracy and Technology. Both of these organizations provide assistance to CHMIS on issues of confidentiality and data structure.
Document Catalog
The Confidentiality and Privacy document catalog in the Community Health Management Information Systems' (CHMIS) web site provides an annotated list of resources concerning confidentiality and privacy of health information that the browser can link to within this page. The resources included in this list include various health informatics organizations, and various state and allied state legislation.
This is a very valuable site for policy makers, health care providers, consumers,
Electronic Privacy Information Center
The Electronic Privacy Information Center (EPIC) is a government-sponsored advocacy orgnaization developed in 1994 that pursues Freedom of Information Act litigation, conducts policy research on privacy issues, and works with Privacy International - a human rights group, on domestic and international privacy issues.
Its web site is a compilation of links to descriptions of its current litigious activities, commentary on present legislation regarding privacy and civil liberties, and past and current EPIC publications. It also has a unique link to an online service th at accepts money donations to support its efforts.
This site is useful to those interested joining the EPIC organization, participating in privacy legislative processes, those in cause-oriented organizations geared toward policy reform and development, and to consumers seeking legal representation or supp ort.
As managed care proliferates the health care system and electronic health information exchange becomes very ordinary, the number of organizations such as this one may increase as consumers and health care providers seek to protect their right to privacy a nd confidentiality.
Information About the Medical Records Institute
The Medical Records Institute describes itself as an organization dedicated to the creation and implementation of electronic health record systems. Its mission statement defines the institutes functions as "a promoter of the electronic medical record ; a clearinghouse of information related to national and international information technology; researchers of information technology; supporters of electronic medical records standards to foster the development of information infrastructure; and a voice o f conscience on aspects of confidentiality, security, and social impact".
The projects underway at the Medical Records Institute are concerned with linking commercial and in-house developers, companies, institutions, and providers interested in improving information systems and databases; formulating international satndards af fecting health care informatics; surveying and providing state information influencing the use of electronic patient records systems with regard to confidentiality, legality, and networking activities.
Lastly, the Medical Records Institue lists its organizational liaisons also interested with the issues relating to the use of medical informatics. Linking to these resources is helpful to gain different perspectives on the issues of health information co nfidentiality.
INFOSHP Home Page
The Information for State Health Policy Program site sponsored by UMDNJ and the Robert Wood Johnson Foundation decribes the program's purpose: "to raise the awareness of the program; to serve as a model for the use of electronic communication and the disclosure of health information; and to provide information on health issues and activities of the programs state grantees".
The goal of the site is to provide health information resources, link viewers to model standards and reports on health statistical information, and allow the experience of researching information to policy makers, health care providers, insurers, and cons umers.
The site is clear on its mission and provides links to a wealth of resources that are specific to requirements for health information infrastructure, types of health statistics data, and confidentiality of health information. An interesting link to sever al examples of state health information resources is also available.
Minnesota Health Data Institute Home Page
The Minnesota Health Data Institute (MHDI) site home page is small in appearance, but it provides links to the Institute's history and mission statement, networking and electronic data interchange systems , a performance review of the system, and the principles guiding health data access and disclosure.
The site describes the Institute as a "public/private partnership for better health care in Minnesota". It is much more than that. Perhaps if the history and mission of the Institue were found on the home page instead of residing in a link, it would bet ter attract readers to this very informative and well written site.
Status of Healthcare Informatics Standards
The Agency of Health Care Policy Research (AHCPR) has co-sponsored this site to provide a compilation of the ctivities of some health care informatics standards organizations.
The site is a somewhat misleading and disappointing in that it does not descibe the activities of the organizations it lists, but rather it links the browser to bibliographies of the organizations' publications and the web site addresses of the organizati ons. Unless it is difficult to obtain the standards organizations addresses by another means this site is really not very useful.

Return to An Overview of Managed Care class home page