Give Me My Health Data!
Give Me My Data!: Via CDT - PolicyBeta.
On Monday night, a website called HealthDataRights.org went live. The site promotes better access to one’s own health data, and serves as a portal where individuals and entities can endorse/support A Declaration of Health Data Rights.
“We the people,” the site asserts: 1) Have the right to our own health data; 2) Have the right to know the source of each health data element; 3) Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be available in that form; 4) Have the right to share our health data with others as we see fit.
Having access to one’s own health data is already a right – just not one that is well known or enforced. Under the HIPAA Privacy Rule, individuals have a right to obtain a copy of their health data. They can also get this copy “in the form or format requested” (e.g. electronic format), if it is “readily producible” in that format. There are some exceptions to this right, including health data compiled for the purpose of a civil or criminal proceeding. Also under the Rule, covered entities have 30 days to comply with an individual’s request (and this can be extended to 60 days). Entities can charge a reasonable fee for copying the health record, the limits of which are set by state law. Notwithstanding this legal right, failure to provide individuals with access to their data is one of the top 5 HIPAA-related complaints received by the U.S. Department of Health and Human Services (HHS) — the agency responsible for enforcing the HIPAA Privacy Rule.
Congress took steps to strengthen this right in the recent economic stimulus legislation. Entities using electronic health records must provide individuals with an electronic copy upon request and individuals can have that copy sent directly to a Personal Health Record (PHR). The entity cannot charge more than its labor costs for the copy. This provision goes into effect February 18, 2010.
But whether this will result in greater patient access to data is uncertain. Why is gaining access to one’s health data such a problem? Still too many patients and providers do not know that this right exists. In addition, still too many physicians are uncomfortable with providing patients access to their medical record. Likewise, too many patients still rarely question the authority of their physicians, and may be afraid to ask for their health data for fear of undermining this authority. Recently enhanced HIPAA penalties for failure to comply with the Privacy Rule may help – but may not be enough to dislodge entrenched assumptions about the proper roles of doctors and patients.
There is clearly a need to raise awareness about the right of individual access to health data under HIPAA. CDT endorses HealthDataRights.org and applauds the efforts of its organizers to draw attention to patients’ rights to their data.
Read Original Article:(Via CDT - PolicyBeta.)
Twitter
Digg
StumbleUpon
Technorati
del.icio.us
Facebook
Furl
LinkedIn
YahooRecent blog posts
- EFF Asks Court to Suppress Evidence Illegally Gathered From Password-Protected Phone
- Google Superbowl Ad Explains The Need for Search Privacy
- EFF Fights for Cell Phone Users' Privacy in Thursday Hearing
- Identifying John Doe: It might be easier than you think
- ShmooCon: Inside FarmVille's sinister underbelly
- More Details on the Chinese Attack Against Google (Schneier)
- The top 5 mistakes of privacy awareness programs
- ShmooCon: P2P snoopers know what's in your wallet
- Can you trust Chinese computer equipment?
- Authors Guild: ‘To RIAA or Not to RIAA’
