AHIMA CEO Lynne Thomas Gordon, RHIA, MBA, CAE, FACHE, FAHIMA, championed patients’ rights for the privacy, security, and confidentiality of health information while cautioning against access of disclosure reports that exceed the statutory language of the HITECH Act.
Thomas Gordon delivered her testimony—grounded in AHIMA’s commitment to data integrity data governance and data confidentiality—at the Virtual Hearing on Accounting for Disclosures before the Office of the National Coordinator for Health Information Technology’s HIT Policy Committee Tiger Team. Under the auspices of the HIT Policy Committee, the Tiger Team focuses on a range of privacy and security issues. The Tiger Team also invited members of Health IT Standards Committee Privacy and Security Workgroup and the National Committee on Vital and Health Statistic’s Subcommittee on Privacy, Confidentiality, and Security.
“AHIMA and its members are protectors and stewards of a patient’s health information, and we are strong advocates for their timely and appropriate access to their data,” Thomas Gordon said. “And while we will always support the right of a patient to ask questions and seek an investigation regarding who has access to their protected health information, it is critical that the investigation must consider the nature of the alleged disclosure, the potential burden of conducting the investigation, and the safety of any involved health care workforce.”
Thomas Gordon said access reports that exceed language in the HITECH Act would likely:
• be expensive to develop, implement, and maintain;
• require covered entities and business associates to make major IT and systems modifications and workflow and process changes that will increase the administrative burdens and costs, all for likely a small number of requests; and
• present significant technological and work flow challenges to efficiently capture reliable detailed information on every internal exchange of data.
“We believe that it is much more feasible to respond to access requests on an as-needed basis and when there is reasonable indication that inappropriate access occurred,” said Thomas Gordon, who noted that accounting of disclosures and/or access reports should be provided in person so the requesting individual can receive a full explanation.
AHIMA members consistently report that when patients seek answers as to who accessed their health information, they often have a specific individual in mind.
“Identifying specific workforce members in an access report would unnecessarily jeopardize the safety of those persons if the requesting party chose to confront the named workforce member,” Thomas Gordon said.
The virtual hearing also included testimony from patients, vendors, business associates, providers, and payers.