HealthBlawg

David Harlow's Health Care Law Blog

  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

The social uses of data stored in EHRs and the privacy protections needed

July 17, 2007

EHRs either make sense clinically or economically on an individual patient or practice basis, or they don’t, depending on which study you read. 

Let’s assume that implementation does not make economic sense, or that implementation is cost-neutral, at the individual practice level.  Should the EHR implementation agenda be advanced nevertheless?

The argument goes like this: aggregate data will point to new findings regarding safety, efficacy and efficiency of different treatment modalities for patients with the same or similar diagnoses.  Providers can then be incentivized (through P4P, or its subset, value-based purchasing) to follow the preferred approach. 

This has the potential to help all of us, but of course there is also the potential for inappropriate sharing of personal health information.  HIPAA doesn’t quite help in these circumstances (there are some aspects of EDI, RHIOs, etc. not contemplated when the HIPAA rules were being written, not all that long ago) though some fixes may be in the works.  See news regarding NCVHS letter to HHS promoting expansion of HIPAA (and a copy of the NCVHS letter, too), though it’s worth noting that’s been in the works for about a year).

"Secondary" use of health data — i.e., use of data "for non-direct care, including analysis, quality, research, payment, provider certification, marketing and commercial activities" — is the subject of ongoing review and consideration by an AHIC workgroup and by AHRQ.

Update 7/20/07:  The Washington Post reports on concerns about holes in HIPAA and proposed legislation to tighten it up; Jeff Drummond, at the HIPAA Blog is dismissive of what he sees as folks getting all hot and bothered about not all that much.

Here’s hoping that the potential for using all this data we’re collecting for the collective good isn’t mucked up by the federales and — dare I say it — the lawyers.

— David Harlow

Related Posts

  • HIMSS Privacy and Security Forum: Managing Social Media While Protecting Privacy and Security

    I spoke at this week's HIMSS Privacy and Security Forum in Boston on the privacy…

  • Facebook on the Radio: Talking Privacy and Patient Data on NPR

    I had the opportunity to speak with Bob Oakes, host of Morning Edition on WBUR,…

  • Harlow on health data privacy and security - Cerner Perspectives on Health and Tech

    At HIMSS 2019 I had the opportunity to be on the other side of the…

Filed Under: Ehealth, EHR, Health care policy, Health Law, HIPAA, HIT, Hospitals, Physicians, Privacy

« New study: EHRs really do save money over time
Wisconsin Supreme Court upholds jailing of uncooperative tuberculosis patient »

Trackbacks

  1. Trusted.MD Network says:
    July 31, 2007 at 10:54 pm

    First statewide EHR system announced — in Rhode Island

    Of course, the plan for RI’s statewide EHR system was announced within a day of the merger announcement from Lifespan and Care New England, which together represent about 75% of the state’s hospital capacity (and affiliated physicians). It’s a small…

Threads

Follow me on: Threads

Mastodon

Follow me on: Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2025
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]