Monday, March 28, 2022

Too Much Too Soon?” Or “An Idea Whose Time Has Come?” Information Blocking Regulations and Proposed HIPAA Access Changes

by Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA

 

This blog was first published for Verisma Information Access Week June 2021.   Available at https://verisma.com/accessweek2021/

The year 2021 has been punctuated by a flurry of regulatory activity around individuals’ ability to access their own health information.  With access a hot button issue, the information blocking final rule went into effect April 5, compelling health care providers, health technology developers, and health information exchanges and networks to make specific information available to individuals without intentional and unnecessary delay, thus prohibiting interference with access and exchange.  Additionally, May 6 marked the end of the public comment period for proposed modifications to the HIPAA Privacy Rule, which include extensive changes that would enhance individuals’ right of access to their PHI, such as the ability to inspect PHI at no cost by taking photos, videos, or notes of their information.  Where, a mere five years ago, my attempt to take photos of my father’s nursing home record (to which I was legally permitted access) brought gasps of alarm from staff, the possibility that this practical use of technology might become a legal right brings palpable relief. 

But are there negative ramifications to these new regulations and proposed changes?  Having helplessly watched family members struggle to access their health records at a time when providers could ignore their requests without consequences, I believe the continual strengthening of the right to access is, in many ways, long overdue.  But is there also a point where this right can go too far?  I raise this question not because of the burden on healthcare providers (although that could be a separate conversation) but, rather, because of the emotional burden it places on patients and their families.  Have we reached a point where access becomes “too much too soon?”  As a fierce advocate of patients being able to access their own health information, I find this to be a painful question and – yet – one that needs to be addressed. 

Several years ago, a friend of mine was diagnosed with an aggressive form of cancer.  Following surgery, chemotherapy and radiation, she underwent a routine scan several months later.  The healthcare provider – per meaningful use – posted the radiologist’s interpretation of her scan in the patient portal where she could view it.  My friend was able to access that information, and what she read alarmed her.  Unable to reach her physician and knowing that she would not be able to obtain clarification of the interpretation for several days, she and her family agonized until she was reassured at her follow-up visit that everything was normal. 

The volume and velocity of information, and the ability to push it out to patients in an effort to promote access, is not unlike a gushing fire hose.  In other words, we should ask ourselves whether there is a point where there is too much of a good thing, particularly when balanced against patients’ health literacy and the limited bandwidth of providers to provide their patients with prompt explanations.  After all, while technological capabilities have increased, the number of hours in a day have not.  Too, there is concern about erroneous or incomplete health information being pushed out to patients, resulting in panic, confusion, or – at its worst – substantial emotional or physical harm. 

Access to health information is critical to patient empowerment, and empowerment is a crucial paradigm shift in the patient experience.  Technology is enabling this shift.  Further, health policy and --with it -- laws that foster patient engagement are propelling access to health information forward.  At the same time, we need to ensure that technological, policy, and legal advances are keeping pace with human need.  We must take care not to be so focused on the patient that in the process we lose sight of that same patient, with detrimental effects. 



The Privacy and Security Snapshot is a new publication by OHIMA that will be published quarterly throughout 2021-2022.  The goal is to keep OHIMA members informed of current events in the privacy and security arena.

Do you have suggestions on topics to include in the snapshot? Or are you a privacy/security guru who would be interested in contributing? Email ohima@ohima.org to get in contact.
 



About the Author 

Laurie A. Rinehart-Thompson, JD, RHIA, CHP, FAHIMA is a Privacy & Security Project Leader on the OHIMA FY 2021-22 Board of Directors. Laurie is the Professor and Program Director of Health Information Management and Systems at The Ohio State University and is the author of Introduction to Health Information Privacy and Security, 2nd Edition, AHIMA Press