In a new report, the New York Civil Liberties Union wants to give patients the rights to control which doctors see their medical information or allow them to opt out all together.
The New York Civil Liberties
Union has released a report
asking policymakers governing the exchange of electronic health records in New
York State to allow patients more control over which types of doctors see their
Sharing EHRs are likely to
make the health care system more effective and efficient, yet privacy controls
are needed to protect patient information, according to the NYCLU report,
called "Protecting Patient Privacy: Strategies for Regulating Electronic
Health Records Exchange."
"The New York Civil
Liberties Union supports electronic sharing of medical records, but takes the
position that patients must be able to control who has access to their medical
information," the group wrote in its report. "Patients must also be
assured that those who do have access receive only information that is relevant
to their treatment."
As NYS continues to develop
policies regarding its system of health information exchanges, called Statewide
Health Information Network for New York (SHIN-NY
medical data among providers, insurance companies and government agenciesthe
NYCLU has presented some recommendations on how to maintain privacy in the
In the March 6 report, the
NYCLU suggests that patients be able to "sort and segregate" medical
information so that one doctor may not be able to see the information of
another. For instance, patients may not want their podiatrist to have access to
data from a gynecologist, said Corinne Carey, NYCLU assistant legislative director
and author of the report.
"Systems can be set up
to sort and segregate information so that providers and patients have control
over what kinds of data flow through the system," Carey told eWEEK.
Patients can also flag
information that's protected by state or federal law, she noted.
"The vendors that New
York works with are not required by state policy to have the capability to sort
and segregate information, and New York hasn't made any move to require that
capability," said Carey.
"As the systems
continue to improve with regards to categorize data, the work of implementing
those systems to protect patient rights or patient privacy is something that's
always being looked at," David Whitlinger, executive director of the New York
(NYeC), told eWEEK.
"And that's why we have a statewide collaboration to work on state policy
and keep it current to the needs of the community as well as what the vendor
community is able to keep up with."
The NYeC runs the state's
HIEs, called SHIN-NY, consisting of 12 regional health information
Doctors are able to upload
data without the consent of patients, according to the NYCLU. It requests that
patients be able to opt out of HIEs altogether rather than have their data
uploaded automaticallyor only allow records to be shared in an emergency.
However, NYeC's Whitlinger
noted that a patient must give consent for each individual patient entity that
uses their data. "The New York State HIEs are all implementing and have
implemented and are following statewide policy," he said.
"The overall position
that we seem to continuously try to strive for is giving the patient as much
control as possible in who has access to the data while allowing the patient to
use that control to enable the health care system to deliver better care,"
Version 2.2 of the NYS Privacy
and Security Policies
states: "Except as set forth in Section 1.2, a
participant shall not access a patient's Protected Health Information via the
SHIN-NY governed by a RHIO unless the patient has provided an affirmative
consent authorizing the participant to access such protected health
The NYeC is now conducting
an annual policy review and will convene in the next few weeks to address gaps
in data exchange policies, he said.
"It's an ongoing
discussion that takes a lot of different facets," said Whitlinger.
"There's not good consensus at times in the health care community with
regards to the level of data sharing that is necessary to have a comprehensive
view of a patient, as opposed to protecting patient safety."