I think that these ‘rights’ are three of the most important ones that HIPAA created. There are others, but it would be impossible to cover them all here. During your years in practice, what significant advances have you seen in health information technology? It was around 2005 when I recall health information technology (IT) really starting to take off. First, there was a massive push to transition medical records from paper to an electronic format. In the beginning, this transition was voluntary. However, by 2011 the federal government deployed a program called ‘Meaningful Use’ which initially financially rewarded healthcare providers for adopting EMRs, but then punished those who did not do so by 2018 by reducing their Medicare and Medicaid reimbursement. Next came efforts to connect providers, patients and their electronic medical information through internet-supported networks called either ‘regional health information organisations’, ‘health information exchanges’ or ‘health information networks’. For years, these networks attempted to either connect EMRs to each other or develop ‘data wells’ where certain healthcare information about individuals was aggregated and maintained in a single source. However, lack of interoperability proved to be a barrier that stymied progress. Today, we are in a phase where interoperability of health IT is a paramount goal. The federal government has pivoted to requiring developers of certified health IT to essentially ‘open up’ their application programing interfaces (API). This, in turn, is now allowing different EMR vendors to connect to one another with more ease. Moreover, this is creating new opportunities for individuals to use mobile apps to directly connect to multiple providers’ EMRs to access and control their health information. What have the consequences of these advances been for patients’ privacy? It cannot be denied that when medical records were maintained predominantly on paper, it was more certain that the privacy of health information contained in such records could be protected. Paper medical records were typically manually controlled by the custodian and therefore much less accessible. Provider custodians would often refuse to release any part of these medical records unless the patient signed a paper consent form allowing such release, including when the patient wanted any part of such records released to themselves! Moreover, data breaches of paper records usually only happened when there was an incident of improper disposal (e.g. failing to shred) or records were taken off premises. FEATURE OF THE MONTH 19
RkJQdWJsaXNoZXIy Mjk3Mzkz