1 / 26

MBSA – Health Law Section MN E-Health Initiative and The MN Health Records Act

MBSA – Health Law Section MN E-Health Initiative and The MN Health Records Act. James I. Golden, PhD Director, Division of Health Policy Minnesota Department of Health September 21, 2007. Objectives. What is the e-Health Initiative What are the Key Components of Privacy

xarles
Download Presentation

MBSA – Health Law Section MN E-Health Initiative and The MN Health Records Act

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MBSA – Health Law SectionMN E-Health Initiative andThe MN Health Records Act James I. Golden, PhDDirector, Division of Health PolicyMinnesota Department of Health September 21, 2007

  2. Objectives • What is the e-Health Initiative • What are the Key Components of Privacy • What is the MN Privacy and Security Project • Discussion of Changes to the MN Health Records Act (M.S. § 144.291-.298) • What’s Next

  3. MN e-Health Initiative • Established in 2004 as a private–public collaboration to accelerate the use of health information technology in Minnesota • 26 members representing key stakeholders including health care providers, payers, public health professionals, and consumers • Responsible for making recommendations to implement a statewide interoperable health information infrastructure - including patient privacy requirements

  4. Initial Challenges • Most significant challenges in developing recommendations for a statewide interoperable health information infrastructure: • Financing • Governance • Standards for Data Exchange • Privacy and Security Issues

  5. 2005 e-Health Activities • Integrate MN efforts with national activities • “Framework for Strategic Action” from the Office of the National Coordinator for Health Information Technology • Develop a MN e-Health framework of four broad and ambitious goals: • Goal 1: Inform clinical practice - focus on Electronic Health Records • Goal 2: Interconnect clinicians - focus on health information exchange • Goal 3: Personalize care – focus on Personal Health Records • Goal 4: Improve population/public health – focus on disease surveillance and response systems

  6. 2006 e-Health Activities • Shift from Strategic Planning to Implementation Planning with a national focus on: • Standards of Interoperability • Architecture – Models for connecting • Data standards • Privacy and Security Standards • Barriers to data exchange • Patient participation and control

  7. MN Privacy and Security Project (MPSP) • A systematic and comprehensive review of current laws and practices that impede the efficient, electronic exchange of health data that analyzed privacy and security issues to: • Identify the most significant barriers impeding the electronic exchange of health information • Document how concerns impede the exchange of health information • Describe the causes and rationale for the barriers • Develop solutions and implementation plans to eliminate or reduce the barriers, while maintaining or strengthening patient privacy protections

  8. What Is Privacy? The Privacy Commissioner of Canada described Privacy as:"...the right to control access to one's person and information about one's self. The right to privacy means that individuals get to decide what and how much information to give up, to whom it is given, and for what uses."

  9. Informed Consent • For patients and their health information the primary mechanism for exercising privacy is: Informed Consent • Traditional components of informed consent: • The patient needs to be provided with relevant information to make an evaluation of the benefits and risks of consenting to the use or disclosure health information; • Information needs to be presented to the patient in a clear and understandable fashion that is comprehensible; • The patient’s choice to consent to the use or disclosure of health information needs to be a voluntary decision; and • The patient’s consent or authorization needs to be documented.

  10. Issues in the Consent Process • Opt-in versus opt-out • When and how consent is obtained • Ability to limit the consent • Specificity of the consent • Duration of consent • Ability and mechanisms to revoke/modify a consent • Educational materials supplied with the consent request – Benefits and risks • Documentation of the consent

  11. Why Does Privacy Matter? • Quality of Care • Without trust that the personal, sensitive information shared with doctors will be handled with degree of confidentiality, patients will not fully participate in their own health care. • California Health Care Foundation (1999) found: • One in every five people believes their health information has been used or disclosed inappropriately. • One in six people engages in some form of "privacy-protective" behavior when they seek, receive, or pay for health care in this country.

  12. MN Privacy and Security Project (MPSP) • A systematic and comprehensive review of privacy laws and practices to: • Identify the most significant barriers to information exchange • Document how barriers impede exchange • Describe the causes/rationale for the barriers • Develop solutions and implementation plans to eliminate or reduce the barriers, while maintaining or strengthening patient privacy protections

  13. MPSP Findings • Overarching privacy and security issues: • The implementation of Minnesota’s patient consent requirements within a health information exchange • Operational difficulties in first providing, and then limiting and monitoring external organizations’ electronic access to patient data • Liability concerns with the inappropriate disclosure of patients’ health information

  14. Patient Consent Barriers • Minnesota’s patient consent requirements were identified as a major privacy and security impediment to the electronic exchange of health information, because: • Health care providers cannot agree on “when” and “how” patient consent is required to exchange patients’ health information. • Minnesota’s patient consent requirements were designed for paper-based exchanges of information and are not conducive to a real-time, automated electronic exchange of information.

  15. Patient Consent Requirements • HIPAA allows the disclosure of patient information for treatment, payment, and operations without consent • Minnesota law requires patient consent for the disclosure of patient information

  16. Minnesota’s Patient Consent Requirements • Patient consent required for nearly all disclosures of health records – including treatment • Patients need to give written consent • Consent generally expires within one year • Limited exceptions to consent • Medical emergency • Within “related health care entities” • Consents that do not expire • Disclosures to providers being consulted • Disclosures to payers for payment

  17. Minnesota Patient Consent Liability • Minnesota law places all liability for inappropriate disclosures on the disclosing providers: • A violation of patient consent requirements may be grounds for disciplinary action against a provider by the appropriate licensing board or agency • A person who negligently or intentionally releases a health record … is liable to the patient for compensatory damages caused by an unauthorized release, plus costs and reasonable attorney's fees

  18. MinnesotaPatient Consent Barriers • Undefined terms and ambiguous concepts in Minnesota Statutes, § 144.335. • Difficulties in determining the appropriate application of Minnesota’s patient consent requirements to new concepts in the electronic exchange of health information that do not have an analogous concept in a paper-based exchange. • The need to update Minnesota’s patient consent requirements to allow mechanisms that facilitate the electronic exchange of patients’ information while respecting the patients’ ability and wishes for controlling their information.

  19. Addressing Patient Consent Barriers • A workgroup of industry representatives and privacy advocates did not reach consensus on a set of best solutions, but: • Identified options • Documented advantages and disadvantages for each option • Connected related options • MDH developed criteria for evaluating options: • maintain or strengthen patients’ privacy or control over their health records • improve patient care • facilitate electronic, real time, automated exchange • not place an undue administrative burden on the health care industry • increase the clarity and uniform understanding of the statutory language and consent requirements

  20. 2007 Revisions to MN Health Records Act • Major Revisions in Health & Human Services Omnibus bill: • Improve readability through recodification • Definitions for new and existing terms: • Health record • Medical emergency • Related health care entity • Health Information Exchange • Record locator service • Identifying data

  21. Record Locator Service (RLS) • An electronic index of patient identifying information that directs providers in a health information exchange to the location of patient health records held by providers and group purchasers. • Providers may construct a record locator service withoutpatient consent • Providers must obtain patient consent to access patients’ information in a record locator service.

  22. Record Locator Service Protections • Not a government database • Allows multiple groups of providers to create a RLS • Only providers may access information in a RLS • Providers must provide patients the ability to completely opt-out of the RLS in the consent process • An RLS must maintain an audit log of who accessed information • A RLS is liable for inappropriate disclosures of information • MDH cannot access/receive information from a RLS

  23. Representation of Consent • A provider, or a person who receives health records from a provider, may not release a patient's health records to a person without:(1) a signed and dated consent from the patient or the patient's legally authorized representative authorizing the release;(2) specific authorization in law; or(3) a representation from a provider that holds a signed and dated consent from the patient authorizing the release.

  24. Representation of Consent Protections • Only a health care provider may request a patient’s health record using a representation of having obtained patient consent. • Requesting provider must obtain a signed and dated consent from the patient • The provider releasing health records to another provider using a representation of having obtained patient consent must document: • identity of the requesting provider • identity of the patient • records requested • date of the request

  25. What’s Next • Development of a Standard Patient Consent for the Disclosure of Health Records • M.S. § 144.292, Subd.8 – Note: This language may needed to be modified • Not required to be used • Must be accepted by health care providers • Due January 1, 2008 • Foundation for Interstate, Standard Patient Consent for Disclosure

  26. Thank You! - Questions Minnesota Department of Health Jim Golden, PhD Director, Division of Health Policy 651.201.4819 james.golden@health.state.mn.us

More Related