February 10, 2009 By News Report
The Institute for Health Freedom (IHF) is warning the public that the economic stimulus bill mandates the federal government to plan for each American to use an electronic health record (EHR) by 2014 -- without opt-out or patient-consent provisions.
"Congress needs to add opt-out and patient-consent provisions to ensure true patient privacy," says Sue Blevins, IHF president. "The bottom line is that if you want to control the flow of your personal health information, your consent to share the information must be a prerequisite and you must have the right to withhold permission. And neither the current federal (HIPAA) privacy rule nor the economic stimulus bill guarantees Americans the right of consent."
IHF stresses that while Congress will be hearing about potential cost-savings from EHRs, it should seriously consider the costs of not allowing Americans to opt out of a national EHR system: more patients will withhold private information as they lose trust in the confidential doctor-patient relationship and lose control over the widespread disclosure of their most personal information.
The organization urges Americans to continue voicing their own opinions about this important issue to national policymakers. IHF further stresses that for both ethical and financial reasons, confidentiality and consent are both cost-effective and essential for improving the quality of health care.
You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Stimulus-Bill-Removes-Medical-Record-Privacy-from.html
While structuring the databases, the information should be segregated into several records. Records should be encrypted. Some records should be accessible only to the doctor who created them and the patient. A patient should be able to select a password and also create a time-limited password that he or she can give to another healthcare provider. Various healthcare providers even when they are given access, they should not be able to copy them and propagate them. The need for access to records by the healthcare providers and by other administrative and support personnel should be distinguished. Ultimately, it is the patient who owns the records - not the physician, not the healthcare facility, not the administrators. There should be a permanent record of records and who accessed them at what time. This aspect is essential in case of disputes and medical malpractice suits. The law should take these considerations into account as it is framed.
i believe i know more about my health than the government does.
I agree with Som. However, there's one technical change I would suggest. Instead of giving the health provider a password, the user should record on their file which health providers have access (perhaps by some unique provider ID). This way, the authentication is handled by the system itself using existing authentication methods and without requiring even more passwords to be added to our daily lives.
Som: It is NOT the patient who owns the record. Unless there is agreement otherwise, the owner of the clinic/facility owns the records. I work for a physician so this is a true fact.