Patients have always had the right to access their PHI (post HIPAA). We wrote about the Privacy Rule sections that provide for this access in our Patient's Bill of Rights post. The HITECH Act expands this access under Section 13405, now allowing for treatment, payment and operations (TPO) usages to be disclosed for the past three years as well (i.e. provided that an EHR is in use).
Covered entities and business associates are well advised to have a well defined set of processes in place for providing this access, or they could quickly find themselves in "willful neglect" land. The engaged patient, one that is likely to significantly increase the demand for access, is not going away any time soon. As we discuss in this article, with the boomers retiring en masse you can be sure that this trend is likely to grow significantly.
What's the so what?
Most covered entities and business associates (where applicable) are not prepared to handle this deluge of requests because their Privacy Rule compliance initiative lacks certain key processes:
- Managing requests for restrictions under §164.522.
- Managing access to PHI under §164.524.
- Managing amendments to PHI to under §164.526.
- Managing accounting for disclosures under §164.528.
It's not that these are new sections of the Privacy Rule, or aspects of the Rule that we modified by the HITECH Act, but rather these sections represent parts of the Privacy Rule that have not proven challenging heretofore, mostly because patients were either uninformed or otherwise not inclined to take advantage of them.
However, starting in 2008, 79 million baby boomers began retiring. The vast majority of these boomers are far more computer literate than their parents. By 2008 the Internet was well integrated into the daily life of the nation, therefore it would not be surprising to find that most boomers use it once a day, or at a minimum several times a week.
Also, it has been estimated that a significant percentage of boomers will suffer a chronic illness during retirement. This is not surprising given the volume of chronic illness that exists in the U.S. today, across all age groups. However, a computer literate, aging, and ill population, with more time than money to spare, is guaranteed to access the Internet en masse to look for remedies and the ability to maintain wellness.
Clearly it is not only boomers that will be advocating on their own behalf. Their tech savvy children will also be weighing in on behalf of their parents. Couple this with the rise of the Patient Advocacy Profession and you have the foundation for an inflection point as it pertains to access to PHI.
Patients, as consumers, have historically played a non-existent role in their own healthcare. Patients have lacked the data required to make informed selections of preferred providers and, for the most part, have not paid for the services delivered. The healthcare system has been, and remains, a highly dysfunctional marketplace with little or no price or quality transparency. It has been effectively seized and controlled by a few large players, namely the insurance companies and the U.S. Government (the so called "payers").
The Government, in the form of the Affordable Care Act (aka "ObamaCare"), has decided that a more functional healthcare marketplace, one focused on reimbursement for outcomes instead of reimbursement for services rendered (the so called "fee for service" model) is required to "bend the cost curve;" that is, to simultaneously improve patient outcomes while reducing costs.
It's a huge bet, one that will take decades to collect on, assuming that the bet pays off. There are obviously no guarantees that it will. But what is guaranteed, no matter what direction the healthcare industry heads in, is that patients will be more engaged in their own healthcare and that privacy and security will remain "top of mind" issues going forward.
|