Pilot Launched to Advance Patient Control Over Shared Medical Records

The University of Texas at Austin and Jericho Systems announced a national pilot program designed to explore advanced patient control over shared medical records. This pilot was approved by a working group within the Office of the National Coordinator for Health Information Technology (ONC).

We caught up with Dr. Leanne Field, director of UT Austin’s Health IT program, and David Staggs, chief technology officer at Jericho Systems, to ask a few questions about this important pilot program.

Interview with David Staggs and Dr. Leanne Field

Q: What are the expected outcomes of the pilot? What patient control insight do you hope to achieve? 

David StaggsStaggs: Healthcare consumers currently do not have the ability to dynamically review remote electronic requests across the eHealth Exchange concerning their Protected Health Information (PHI) or learn the outcome of those requests. The pilot will add transparency to the exchange of PHI released by the consumer’s provider organization to requesting organizations.

Further, the pilot will explore how subsequent requests made to requesting organizations (3rd party requests) can be reported to consumers.

Currently there is no standardized way for consumers to review how their consent directives affect requests for their PHI. The goal of the pilot is to present a secure, scalable solution that allows consumers to evaluate if their consent directive is operating as they planned.

Q: What role will the ONC play in the pilot going forward? 

Staggs: The Office of National Coordinator (ONC) Standards and Interoperability Office (SIO) and the Office of the Chief Privacy Officer (OCPO) established the Standards and Interoperability (S&I) Framework in January 2011. The Jericho Systems and The University of Texas at Austin (J-UT) pilot “Privacy with Dynamic Patient Review” started in April 2013 and is part of the S&I Framework’s Data Segmentation for Privacy (DS4P) initiative.

The ONC is supporting the J-UT pilot by providing meeting logistics and serving as a custodian for the J-UT pilot work product.  Our final recommendations will be considered for inclusion in the DS4P Implementation Guidelines (IG) document. The S&I Framework IG is currently being considered as a standard by Health Level Seven (HL7).

Q: Is the focus on patient control geared toward regional, state, and national health information exchanges? 

Staggs: The focus of the J-UT pilot is currently on the exchange of electronic health information over the eHealth Exchange (formerly known as the Nationwide Health Information Network, or NwHIN), which is used by many large healthcare provider organizations.

Q: What technology challenges do you foresee in patient control and access in health information exchanges?

Staggs: As the financial and health impact of accidental or inappropriate sharing of PHI becomes more apparent, patients will demand the same level of transparency in the exchange of their PHI as they have come to expect in their credit card statements. The technical challenge is to provide a system that provides transparency to the patient without undue burden on the exchange.

Our pilot explores the use of externalized patient consent repositories that can be accessed to determine the patent’s consent over each electronic request for their PHI. We will demonstrate that the patient’s consent can be incorporated into the decision to release or withhold their PHI. In addition, information on the requester and the release decision can be sent to the patient via the repository.

Our major challenge will be to create a standards-based system that will be adopted by the exchange. Ultimately, the electronic exchange of PHI will not be successful unless patients have the ability to understand where their information is going when it leaves their provider.

Q: How will this pilot benefit students in the UT Austin Health IT Program?

Dr. Leanne FieldsField: Students will be able to contribute to the J-UT pilot by carrying out applied research projects relevant to their studies in the Health Information Technology and Health Information Exchange Certificate program.

Q: What activities will students participate in as part of the joint pilot program?

Field: Interested students will be assigned to a mentor who will assist them in choosing a relevant and worthwhile research project involving the J-UT pilot. Two students enrolled in the Summer 2013 program are currently working to define data sets to be used in the request for a patient consent directive, which will allow for granular consent and the prevention of protected health information leakage. Not only are they learning about the standards necessary to facilitate interoperability over the eHealth Exchange, but they also are enjoying participation in weekly S&I Framework calls that are listed on the S&I Framework Wiki. Members of the public also are invited to attend these weekly calls.

Patient Health Information and Health Information Exchange

For exchange of patient data to be successful, more work needs to be done in the areas of protecting information and reporting on who requested the information. It is a blend of privacy and transparency. Although HIEs and the eHealth Exchange are in the middle of it, more importantly, patients are.

This pilot instigated by the ONC and developed through the partnership between the UT Health IT program and Jericho Systems will be one to watch. The results will be very valuable to the new era of meaningful exchange, protection, and reporting on patient data.


More from Jon Mertz


The following two tabs change content below.
Jon Mertz serves as the editor at HL7Standards.com and vice president of marketing at Corepoint Health. Jon is an advocate for strong patient engagement in their health and understands the key roles health literacy, patient data, and healthcare interoperability play in developing a better health care model. Follow Jon on Twitter.

, , ,

  • Pingback: Pilot Launched to Advance Patient Control Over ...()

  • http://ratheryes.com Darragh McCurragh

    The main issue will be to make the system bulletproof against “phishing” attacks. There will probably a flood of fake emails asking patients to enter their personal data and PIN/password in a fake site and off the ‘phishers’ go and now have access to all the patient’s data. Which will open up all kinds of avenues like blackmail etc.