Have you heard about HealthInfoNet?
Well - if you live in Maine, there is about a 50/50 chance that you are enrolled in it.
HealthInfoNet ("HIN") is the state’s first and one of the nation’s largest and most advanced electronic health information exchanges. HIN has been in a demonstration phase, but is set to expand to most of the state with the help of available state and federal funding.
While it’s true that technology can do great things, you may have noticed that here at the ACLU of MAINE, we try not to forget the accompanying risks. And the electronic storage and transfer of highly personal information is no exception.
The anticipated benefits of an electronic health record exchange are reduced medical error, improved patient care and monetary savings. On one hand, HIN reports that many Maine people believe that better coordination and communication among their providers is needed to improve healthcare quality and safety and want increased access to their own medical records. On the other hand, both doctors and patients worry that their personally identifiable medical data will not be protected. And it's a very valid fear - a) the potential familial and professional ramifications of exposing sensitive health information (reproductive health, mental illness, drug and alcohol dependency, terminal illness, HIV/AIDS, etc.) could be devastating.
Imagine discriminatory review by insurance companies or potential employers so they can avoid paying for people who might be expensive to insure or employ (we are an “at will” state after all).
Fortunately, HIN has welcomed feedback and input on how to best create privacy protections while maintaining system functionality. We, along with a number of other organizations, including those specializing in behavioral health, HIV/AIDS, reproductive health and drug and alcohol treatment, have been involved for years in analyzing HealthInfoNet and its privacy and security implications as part of the Consumer Advisory Committee.
Recommendations of the Committee include informed consent of patient participants, availability and ease of patient opt out, mechanisms ensuring only treating medical professionals can access patient information, an audit system, creating sanctions for inappropriate access or transfer of information, and prohibition of discrimination for those who choose not to participate.
The Governor’s office recently convened a Health Information Technology Legal Working Group, including many of the members of the Committee (including us). The Group is reviewing how Maine's privacy and security laws apply to HIN with a goal of recommending needed legislative changes.
At this point, HIN has chosen to exclude a range of specifically designated highly sensitive information (such as HIV test results and behavioral health diagnoses) until more consideration can be given to privacy safeguards. However, these protections may be meaningless since one look at an AIDS patient’s prescription medications can reveal the same highly sensitive conditions as the specifically excluded information. Yet excluding this information wholesale has its disadvantages. As some advocates point out, while the privacy risks are real, it is actually those patients with complicated medical and prescription profiles (including AIDS patients and those with severe mental illness), who could benefit most from information exchanges like HIN.
Unfortunately, current laws are inadequate to fully protect patients and doctors – so it’s crucial that we move quickly to create and implement protections.
I am hopeful that the Group will continue its work with as much commitment and insight as they have thus far and we will see legislation during the coming session.
Stay tuned...