No matter where patients go for medical care, or how many physicians and specialists they need to see, their medical records should go with them. Right now, health data is siloed in a patchwork of networks operated by regional nonprofit organizations or health systems. When patients and providers can’t access critical health information easily, it can lead to inefficiencies like redundant procedures, overmedication, patient injury, or death.
The good news is that we can break down barriers to share essential health information––and do so securely––if we create a statewide health information exchange (HIE) network. An HIE is a digital network that can safely house your entire medical history so that any medical professional can immediately access your healthcare records.
Privacy and protection of patient records is a top priority in establishing a single statewide HIE network. An HIE in California will only allow medical professionals to access your personal health records in compliance with Health Information Portability and Affordability Act (HIPAA) privacy and security regulations––stringent federal technical, administrative, and physical safeguards that protect and maintain the privacy and security of protected health information.
A statewide HIE network would be run by a nonprofit organization––not a single healthcare organization or government entity––so patients can be assured that their data will not be sold to third parties or potentially accessed and misused by the government for non-healthcare purposes like immigration enforcement, unless required under law.
Did You Know?
HIPAA’s long-standing privacy laws require that covered entities (health plans, clearinghouses, and all who provide care in the healthcare ecosystem) share data only for treatment, payment and operations purposes. The law also requires that these organizations use the minimum amount of patient data necessary to deliver care. An HIE would actually have in place additional safeguards beyond what existing law provides to further secure patient privacy, such as terms of participation, credentialing controls, and audit trails.
Built-in protections to keep data private and secure
California’s HIE network would have specific, stringent privacy and security stipulations and restrictions in place––just as existing organizations’ electronic health records systems do––to comply with federal and state law and best practices. Considerations include:
Application of HIPAA to all health record sharing, which ensures care teams can only access health records for specific permitted purposes like treatment and payment.
Development of specific policies against the sale of de-identified data.
Protection of your health records from immigration officials, except in limited circumstances such as when a judge issues a warrant or court order.
Ability for patients to opt out of health information sharing through the statewide HIE network.
Option for patients to access their health records and make corrections, when necessary.
Reinforcement of federal legal protections that ensure sensitive data like substance use treatment records would only be shared with the patient’s written consent.
Data security through encryption, the rigorous authentication of users, the use of strong passwords for access to data, and the ongoing monitoring of who is accessing information––all part of HIPAA security standards.
Certification from the Health Information Trust Alliance (HITRUST), a rigorous compliance framework that is the security gold standard for health information networks.