Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy: Who Owns What and Who Gets Access? Allen Fremont, M.D., Ph.D. RAND Corporation Annual Meeting of AcademyHealth Sunday, June, 25 th 2006 Seattle,

Published byAva Willis Modified over 10 years ago

Similar presentations

Presentation on theme: "Privacy: Who Owns What and Who Gets Access? Allen Fremont, M.D., Ph.D. RAND Corporation Annual Meeting of AcademyHealth Sunday, June, 25 th 2006 Seattle,"— Presentation transcript:

1 Privacy: Who Owns What and Who Gets Access? Allen Fremont, M.D., Ph.D. RAND Corporation Annual Meeting of AcademyHealth Sunday, June, 25 th 2006 Seattle, WA

2 Topics Covered Why Privacy is Paramount Ownership of Health Data HIPAA Privacy Rule from Consumer Perspective

3 Concerns about privacy of personal information high and likely to grow Privacy can be defined as the ability to control information about yourself even after you have given it to someone else Americans are concerned that privacy they once took for granted is increasingly at risk, particularly with respect to spread of IT into more domains of everyday life

4 Continued high profile losses or thefts of personal data may impact disclosure of PHI for research NSA monitoring domestic phone calls Widely covered reports about releases or theft of personal information: –VA loss of several hundred thousand records –Choicepoint

5 Public particularly concerned about disclosure of PHI Nearly 4 of 5 Americans feel confidentiality of their medical records is very important (Gallup Poll, 2000) Inappropriate disclosure of PHI not only offensive, but can be devastating: –Embarrassment –Employment –Insurance

6 Emerging regional and national EHRs also contributing to concern about PHI Americans will not support a system of EHRs if security and privacy were not readily apparent (HIT Leadership Panel Report, 2005) Lack of confidence will not only slow HIT uptake but could undermine data reliability –1 in 6 people withhold medical information because of concerns about confidentiality (Goldman et al 2004)

7 How do consumers feel about regional or national EHRs?* Most adults (71%) have not heard or read about such initiatives When told about them, ~ 70% concerned that PHI could be leaked because of weak security, or shared without their knowledge 82% believe that it is important that patients be able to track and use their info in EMR Nearly half (47%) thought the privacy risks outweighed benefits of emerging EHRs *(Harris Poll, 2005)

8 Topics Covered Why Privacy is Paramount Ownership of Health Data HIPAA Privacy Rule from Consumer Perspective

9 Who owns health information? We generate a tremendous amount of data as physicians…Some parts of it, such as patient information clearly belong to physicians. –William Hazel, Jr. M.D. Patients may have voluntarily turned over their bodies or bodily fluids for examination, but they have done so in the expectation that the information …would be used for their own treatment and their privacy would be maintained –Privacy Rights Clearinghouse

10 Traditional rule for ownership of medical record outdated States have traditionally considered the provider owner of the medical records they maintain, subject to patient rights relating to information contained. –Statutes developed in era of paper records However, even under traditional rule, no one person can be truly said to own patient identifiable information –i.e. exercise complete sovereignty over the information

11 What do we really mean by who owns health data? Who may access data? Who may mine or manipulate data? Who may use data and for what purpose? Who may sell data? Who may disclose or publish data? Who may pay to access, use, publish, or sell data?

12 Topics Covered Why Privacy is Paramount Ownership of Health Data HIPAA Privacy Rule from Consumer Perspective

13 HIPAA Privacy Rule Protects individually identifiable health information held or transmitted by health care providers, insurers, other Covered Entities, and Business Associates Details permitted uses and disclosures with and without authorization, and penalties Specifies patient rights with respect to their personal health information (PHI)

14 Consumer advocates view HIPAA as important step, but insufficient HIPAA exemptions for uses unrelated to care without patient authorization are too broad: –E.g., use for health care operations or quality improvement too vague and subject to abuse. Concerns intensify when spread of EHRs considered; they want patients to have more control over who sees what information Function Creep feared

15 Others agree Privacy Rule does not address many emerging privacy issues Ownership and control of PHI Nature of patient participation Division of role-based access Need for additional disclosure limitations Means of patient identification Stokes, 2005

16 Alternatives for addressing privacy issues being discussed Opt-in vs. Opt-out system –Opt-out is cheaper but consumers may object –Opt-in gives patients control but would take longer, and be less representative Role-based access Individual privacy settings Access notification

Download ppt "Privacy: Who Owns What and Who Gets Access? Allen Fremont, M.D., Ph.D. RAND Corporation Annual Meeting of AcademyHealth Sunday, June, 25 th 2006 Seattle,"

Similar presentations

Research and Privacy Under HIPAA Professor Peter P. Swire Moritz College of Law Ohio State University National Academy of Science Panel on Science, Technology.

Research and Privacy Under HIPAA Professor Peter P. Swire Moritz College of Law Ohio State University National Academy of Science Panel on Science, Technology.
1.04 Patient Rights Legislation

1.04 Patient Rights Legislation
 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.

 What is the Privacy Rule? The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) governs the use and disclosure of.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Confidentiality and HIPAA

Confidentiality and HIPAA
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
Informed Consent.

Informed Consent.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

Similar presentations

Ads by Google