Benefits 360: Easing regulations on patient data comes with risks

Patients should have unfettered access to their health data—right? Although many in the health care world would agree, a significant number of stakeholders are expressing concerns about the possibility that easing controls and regulations may result in data being exploited or misused.

A recent move by the U.S. Health and Human Services Department (HHS) to give patients or consumers more control over their health care data has some health care experts worried that the government may be opening a Pandora’s Box that could have unexpected and undesirable outcomes. They say patients may not understand how their data could be used and shared, and advocate slowing down or adding more protections to the HHS approach for data sharing.

Regulators moving forward with IT reform

Federal regulators have for some time been working on a way to modernize data sharing systems in the U.S. The Office of the National Coordinator (ONC) has been finalizing new regulations to streamline and clarify sections of the Trusted Exchange Framework and Common Agreement (TEFCA), as part of an HHS plan to improve health care data interoperability nationwide.

A second draft of this plan was released in April, but a number of stakeholder organizations have asked the ONC to delay the adoption of the new regulations, according to HealthCareDive. “Multiple organizations advocated that ONC push back the relatively short timeline for TEFCA adoption, especially in light of the financial and manpower burden it will place on players across the board. This includes the costs of TEFCA implementation and participation; staffing; privacy and security modifications; contractual changes; education and training; and other issues,” wrote Rebecca Pifer on the HealthCareDive website.

Increased data sharing vs. privacy concerns

Privacy is one of the big issues for many industry groups. According to a recent Politico review of the issue, health care leaders fear that freeing up data could lead to apps that could sell or exploit personal data, perhaps without individuals being aware of it.

The article quotes Steven Lane, clinical informatics director of Sutter Health and a member of ONC’s HIT Advisory Committee as agreeing that patients should have access to their data, but that it can be difficult for consumers to fully understand how that data can be used. “There’s new apps coming online every day,” he said. “Most patients who are using these tools don’t fully understand the privacy implications.” Lane added that physicians and other providers are also usually not IT experts and can’t be expected to coach patients on new apps. “It is neither a priority, a mandate, nor an area where they are likely to have domain expertise,” Lane said.

Congress looking at solutions

Some in Congress have suggested legislative solutions to address these concerns. The Protecting Personal Health Data Act, a bipartisan bill introduced by Sens. Amy Klobuchar (D-MN) and Senator Lisa Murkowski (R-AK) requires the HHS to enact regulations for technologies such as health apps, wearable devices like Fitbits, and direct-to-consumer genetic testing kits that are not regulated by existing laws.

“New technologies have made it easier for people to monitor their own health, but health tracking apps and home DNA testing kits have also given companies access to personal, private data with limited oversight,” Klobuchar said. “This legislation will protect consumers’ personal health data by requiring that regulations be issued by the federal agencies that have the expertise to keep up with advances in technology.”

It’s too early to tell whether such legislative approaches will be adopted, but as HHS continues the process of updating regulations, more stakeholders are watching to see how data-sharing rules will be revised and the impact that may have on the larger health care industry.

By:  Scott Wooldridge
Source: Benefits 360