Data Privacy,
Data Security,
HIPAA/HITECH
Increased Push as HHS Intensifies Oversight of Data Sharing and Record Access Regulations
Senator Ron Wyden of Oregon is exerting pressure on U.S. health technology companies to enhance patient control over data sharing, highlighting the dual importance of privacy and national security. This initiative aligns with a broader federal effort to enforce regulations that ensure secure and interoperable patient data exchange.
As the ranking member of the Senate Finance Committee, Wyden has formally requested that ten electronic health record (EHR) vendors, including major players like Oracle Health and Epic, implement features that give patients direct authority over who can access their health records. This call for action comes in response to intensified enforcement from the Department of Health and Human Services (HHS), which is focusing on compliance with the information blocking rule established under the 21st Century Cures Act of 2016.
Wyden emphasized that while the interoperability of health records is crucial for enhancing care delivery, it is imperative to maintain robust privacy protections for sensitive information. He raised concerns about the current state of data accessibility, pointing out that many providers can access sensitive health data of patients regardless of their relationship with those patients, thereby increasing the risk of misuse.
Recent investigations, including a report from the U.S. Department of Defense, have disclosed troubling instances where health records of military personnel could be accessed without proper justification. Such findings underscore the vulnerability of health data and the need for a regulatory framework that safeguards patient rights while facilitating essential care.
The information blocking rule prohibits certified health IT vendors and healthcare providers from unnecessary obstructions in health information exchange, although exceptions do exist, particularly for privacy and cybersecurity considerations. The HHS Office for Civil Rights has actively pursued enforcement actions against alleged breaches of the HIPAA Privacy Rule, emphasizing the necessity for health entities to comply with patient data access requests without undue delay.
In a letter responding to Wyden, Epic indicated its commitment to enhancing patient privacy features within its MyChart portal, which will allow users to manage their data sharing preferences more effectively. Features under development include options for patients to opt out of certain data sharing or to remain anonymous from other healthcare providers accessing their information.
The move towards increased data interoperability presents its own set of challenges. Alongside the benefits of improved data sharing for better patient outcomes, there are legitimate concerns regarding potential misuses of health information. Wyden’s advocacy for privacy-enhancing features represents a significant step toward reconciling both the need for accessible health data and the imperative for privacy protection in a rapidly evolving digital landscape.
