Legal Barriers to the Growth of Health Information Exchange-Boulders or Pebbles?

Policy Points: Historically, in addition to economic and technical hurdles, state and federal health information privacy laws have been cited as a significant obstacle to expanding electronic health information exchange (HIE) in the United States. Our review finds that over the past decade, several helpful developments have ameliorated the legal barriers to HIE, although variation in states' patient consent requirements remains a challenge. Today, health care providers' complaints about legal obstacles to HIE may be better understood as reflecting concerns about the economic and competitive risks of information sharing. CONTEXT Although the clinical benefits of exchanging patients' health information electronically across providers have long been recognized, participation in health information exchange (HIE) has lagged behind adoption of electronic health records. Barriers erected by federal and state health information privacy law have been cited as a leading reason for the slow progress. A comprehensive assessment of these issues has not been undertaken for nearly a decade, despite a number of salient legal developments. METHODS Analysis of federal and state health information privacy statutes and regulations and secondary materials. FINDINGS Although some legal barriers to HIE persist, many have been ameliorated-in some cases, simply through improved understanding of what the law actually requires. It is now clear that the Health Insurance Portability and Accountability Act presents no obstacles to electronically sharing protected health information for treatment purposes and does not hold providers who properly disclose information liable for privacy breaches by recipients. The failure of federal efforts to establish a unique patient identifier number does slow HIE by inhibiting optimal matching of patient records, but other action to facilitate matching will be taken under the 21st Century Cures Act. The Cures Act also creates the legal architecture to begin to combat "information blocking." Varying patient consent requirements under federal and state law are the most important remaining legal barrier to HIE progress. However, federal rules relating to disclosure of substance-abuse treatment information were recently liberalized, and development of a technical standard, Data Segmentation for Privacy, or DS4P, now permits sensitive data requiring special handling to be segmented within a patient's record. Even with these developments, state-law requirements for patient consent remain daunting to navigate. CONCLUSIONS Although patient consent requirements make HIE challenging, providers' expressed worries about legal barriers to participating in HIE likely primarily reflect concerns that are economically motivated. Lowering the cost of HIE or increasing financial incentives may boost provider participation more than further reducing legal barriers.

[1]  Bradley N. Doebbeling,et al.  Priorities and strategies for the implementation of integrated informatics and communications technology to improve evidence-based practice , 2006, Journal of General Internal Medicine.

[2]  Julia Adler-Milstein,et al.  The Number Of Health Information Exchange Efforts Is Declining, Leaving The Viability Of Broad Clinical Data Exchange Uncertain. , 2016, Health affairs.

[3]  Julia Adler-Milstein,et al.  Health Information Exchange in US Hospitals: The Current Landscape and a Path to Improved Information Sharing , 2017, Journal of hospital medicine.

[4]  Jack L. VanDerhei,et al.  Senate Committee on Health, Education, Labor and Pensions , 2013 .

[5]  Robert H. Miller,et al.  The Santa Barbara County Care Data Exchange: what happened? , 2007, Health affairs.

[6]  Jordan Everson,et al.  The implications and impact of 3 approaches to health information exchange: community, enterprise, and vendor‐mediated health information exchange , 2017, Learning health systems.

[7]  Robert E. Hoyt,et al.  Health Informatics: Practical Guide for Healthcare and Information Technology Professionals , 2010 .

[8]  Stephen J. Weiser Breaking down the federal and state barriers preventing the implementation of accurate, reliable and cost effective electronic health records. , 2010, Annals of health law.

[9]  J S Gardner,et al.  Medical records and privacy: empirical effects of legislation. , 1999, Health services research.

[10]  G. Kalyanaram,et al.  Nudge: Improving Decisions about Health, Wealth, and Happiness , 2011 .

[11]  A. Policy Review of the 2002 Department of Health and Human Service Notice of Proposed Rule Making for The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Regulations , 2002 .

[12]  Kim M. Unertl,et al.  Health information exchange technology on the front lines of healthcare: workflow factors and patterns of use , 2011, J. Am. Medical Informatics Assoc..

[13]  James P. Titus,et al.  Security and Privacy , 1967, 2022 IEEE Future Networks World Forum (FNWF).

[14]  Julia Adler-Milstein,et al.  U.S. Hospitals Engagement in Core Domains of Interoperability , 2016, AMIA.

[15]  Andrew P. McAfee,et al.  The state of regional health information organizations: current activities and financing. , 2007, Health affairs.

[16]  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules. , 2013, Federal register.

[17]  Julia Adler-Milstein,et al.  Operational health information exchanges show substantial growth, but long-term funding remains a concern. , 2013, Health affairs.

[18]  Joshua R. Vest,et al.  Health information exchange: persistent challenges and new strategies , 2010, J. Am. Medical Informatics Assoc..

[19]  Julia Adler-Milstein,et al.  Reducing Medicare Spending Through Electronic Health Information Exchange: The Role of Incentives and Exchange Maturity , 2018, Inf. Syst. Res..

[20]  Farzad Mostashari,et al.  The HITECH Era and the Path Forward. , 2017, The New England journal of medicine.

[21]  Julia Adler-Milstein,et al.  Health information exchange policies of 11 diverse health systems and the associated impact on volume of exchange , 2016, J. Am. Medical Informatics Assoc..

[22]  Deni Elliott,et al.  Genetic Information Nondiscrimination Act , 2008 .

[23]  Chelsea A. Jenter,et al.  Readiness for electronic health records: comparison of characteristics of practices in a collaborative with the remainder of Massachusetts. , 2008, Informatics in primary care.

[24]  L. Schilling,et al.  Systematic Review of Health Information Exchange in Primary Care Practices , 2010, The Journal of the American Board of Family Medicine.

[25]  Bita A. Kash,et al.  Falling short: how state laws can address health information exchange barriers and enablers , 2018, J. Am. Medical Informatics Assoc..

[26]  Crossed wires: how yesterday's privacy rules might undercut tomorrow's nationwide health information network. , 2009, Health affairs.

[27]  Anne P. Massey,et al.  A Proposed National Health Information Network Architecture and Complementary Federal Preemption of State Health Information Privacy Laws , 2011 .

[28]  Catherine Tucker,et al.  Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records , 2009, Manag. Sci..

[29]  John D. Halamka,et al.  The HITECH Era in Retrospect. , 2017, The New England journal of medicine.

[30]  Rema Padman,et al.  The Impact of Privacy Regulation and Technology Incentives: The Case of Health Information Exchanges , 2016, Manag. Sci..

[31]  J. McIlwain Health information security and privacy collaboration. , 2007, Journal of the Mississippi State Medical Association.

[32]  Confidentiality of Substance Use Disorder Patient Records. Final rule. , 2017, Federal register.

[33]  Gerald L. Lohse,et al.  Defaults, Framing and Privacy: Why Opting In-Opting Out1 , 2002 .

[34]  MA Leslie S. Rothenberg JD,et al.  Possible Legal Barriers for PCP Access to Mental Health Treatment Records , 2015, Journal of Behavioral Health Services & Research.

[35]  Julia Adler-Milstein,et al.  U.S. Regional health information organizations: progress and challenges. , 2009, Health affairs.

[36]  Linda Dimitropoulos,et al.  A state-based approach to privacy and security for interoperable health information exchange. , 2009, Health affairs.

[37]  Julia Adler-Milstein,et al.  Information Blocking: Is It Occurring and What Policy Strategies Can Address It? , 2017, The Milbank quarterly.

[38]  Julia Adler-Milstein,et al.  Moving Past the EHR Interoperability Blame Game , 2017 .

[39]  Julia Adler-Milstein,et al.  A Survey of Health Information Exchange Organizations in the United States: Implications for Meaningful Use , 2011, Annals of Internal Medicine.