Physician viewpoint: Maintaining privacy of patient data can be an issue with portals

It can be difficult to effectively document sensitive health information of pediatric patients and older adults whose family members have access to their patient portals without violating the patient's privacy, according to a viewpoint article in AAP News and Journals.

The article, written by Hannah Galvin, MD, a member of the American Academy of Pediatrics Council on Clinical Information Technology, states that the inability to hide a patient's sensitive health information in the EHR has presented limitations to patient portals for various organizations.

When a pediatric patient or an individual who has granted portal proxy access to his or her family requests that some of their medical history is kept private, it is not always possible to do so, according to Dr. Galvin. Often when sensitive data is entered into the EHR, it can automatically appear in the patient portal, be printed in a care summary report or get transmitted to other providers or payers.

"Scanning an EHR output to families to ensure the redaction of sensitive data is a cognitive burden for pediatricians," Dr. Galvin wrote. "Even the most diligent provider cannot prevent transmission of a payer's explanation of benefits. Pediatricians are left to simply advise patients of this limitation and risk to their privacy."

As part of its rule proposal earlier this year, ONC presented the use of an interoperability standard, called Data Segmentation for Privacy, that would allow vendors and organizations to label certain health information that is transferred between EHR systems as sensitive. "For example, a user could tag a diagnosis of chlamydia on a problem list so that it would not be transmitted to another site or populate the summary of care record without the patient's consent," Dr. Galvin wrote.

Implementing DS4P can pose issues such as what should be displayed in the EHR to notify providers that they do not have the patient's complete medical record, should emergency measures be available to view nondisclosed data and whether the sensitive information should be used in clinical decision support algorithms.

More articles on EHRs:
Tanner Health begins Epic EHR rollout: 4 things to know
Georgia hospitals partner with Allscripts' CarePort Health on care coordination tools
Piedmont Columbus Regional now live on Epic EHR

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months