The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) are calling for adjustments to HIPAA to give patients better access to their medical information, make health information more portable, and give better protection to the health data in the app environment.
On December 5, 2018, during the Capitol Hill briefing session entitled “Unlocking Patient Data – Pulling the Linchpin of Data Exchange and Patient Empowerment,” AMIA and AHIMA leaders joined up with other industry professionals to discuss the impact of federal policies on the accessibility of patients’ health information.
At present, consumers can access their personal data and use the information to arrange travel, determine the prices of goods and services from various providers, and perform comparisons with different service providers. However, while a lot of industries have enhanced consumer access to information, the healthcare industry has been slow to implement similar changes.
The P in HIPAA means portability, but patients are still having difficulties obtaining their health information in a useful form that enables them to share it with other organizations. Health information must be portable, just like other types of consumer data. AMIA and AHIMA argued that adjustments to HIPAA laws will help healthcare providers improve patients’ access to their health data and make it easier for patients to share that information with other providers and entities.
AMIA and AHIMA propose the modernization of the HIPAA to improve patient access to health information and suggest two options to achieve this aim. One option is to establish a new term – “Health Data Set” – which includes all data concerning a patient that is kept by a HIPAA-covered entity or business associate, such as biomedical, clinical and claims data.
Alternatively, the definition of a Designated Record Set that is presently utilized in HIPAA legislation could be changed and certified health IT could be required to offer that data set in digital form and in such a way that it allows patients to more easily use and share their data.
The former would support a patient’s right to health data access and would guide the ONC’s certification program in the future to enable patients to view, download, and digitally transmit their health records to third parties by means of an Application programming interface (API). The changes to the current designated record set definition would help explain HIPAA rules to providers and patients and could also achieve the same aim.
AMIA and AHIMA additionally support extending the HIPAA personal right of access to cover non-HIPAA-covered entities such as companies that produce mHealth apps or create health social media apps as similar health information is created, stored, and sent by HIPAA-covered and non-HIPAA-covered entities. Currently, data access policies are different for the two groups. There ought to be greater uniformity of data access, irrespective of what kind of entity gathers and stores health information.