AMA Shines Spotlight On Clinical Data Ownership In HIEs

Posted on July 4, 2011 I Written By

Katherine Rourke is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Anyone who knows me has probably heard me take a few potshots at the AMA, which isn’t exactly known for its progressive positions on health policy issues.  But this time, I must admit, the AMA has done the industry a good turn by shining a spotlight on an issue that deserves a closer look.

The group’s House of Delegates has just adopted a policy asking the AMA to study the issue of who owns — and can use — data sent back and forth across an HIE network.

The author of the policy, a New Mexico-based nephrologist, noted that as health plans acquire HIE technology vendors, it’s become unclear who will control patient data.

For example, UnitedHealth Group’s health IT consulting subsidiary Ingenix bought HIE technology provider Axolotl last year.  Another example of such consolidation comes from Aetna, which picked up HIE vendor Medicity last year, notes American Medical News.

At present, the AMA notes, it’s not clear whether payers who buy HIE technology vendors have the right to siphon out data on patients who aren’t members of their own plans.  (My guess is that health plans will be all too happy to do so, if they can get away with it, as it would help them screen out high-risk patients before they even consider applying for coverage.)

Now, I’m no legal expert, but I would have assumed that HIPAA regs would cover this situation.  But even if HIPAA does spell out what health plans may and may not do in this instance, this won’t be the last time the increasing consolidation of patient records will raise important privacy questions.

The truth is, as health data begins to become a public commodity — something that’s hard to avoid as it’s aggregated and shared with more parties — the notion of health data privacy will need to evolve.

Do we need a “son of HIPAA” law to protect consumers in this new era?  Not being an attorney, I’m not qualified to say.

But as HIEs begin to play a more important role in healthcare delivery, I do think we should pay close attention to what data ends up in whose hands.  Otherwise, we’re looking at loopholes you could drive a truck through.