As our industry moves more aggressively toward managing the health of populations, we will most certainly come to a crossroads with respect to data privacy and data usability far more complex than what is even being debated and discussed today. Think about it. In the best case, we will be able to narrowly, and, with great precision and specificity, identify populations and engage them in the most effective treatment plans known to medicine at any given moment in time. Is that not the “holy grail” of medical science? That is an awesome possibility. The kind of possibility that brings real purpose and meaning to the work we do.
While most of the industry’s efforts today focus on the 20% of patients that are responsible for 80+% of health care cost, our technologies and their capabilities will almost assuredly outpace our privacy regulations and practices, and more than likely, our very ethical thinking and posture.
So, let’s start with the basics. Is your organization fully aware and engaged in the OCR’s guidance on data de-identification? It can be found here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html. It’s a heck of a read, but absolutely necessary. Do your practices stand up to this guidance? If not, we think it is fair to say “proceed at your own risk” and, if you have no idea, if you can’t answer those questions with a resounding “yes,” it would be a great time to initiate a baseline evaluation of your practices and identify your gaps.
This article provided a point of departure for this post: http://healthitsecurity.com/2014/08/26/patient-data-de-identification-keeping-data-private-and-useful/
There certainly is no shortage of conversation on the topic. Join in!