Two years ago, the Department of Health and Human Services released proposed regulations that would allow patients to obtain their clinical lab test results directly from the lab, rather than having to wait to receive the results from their health care provider. CDT and other consumer groups enthusiastically supported this proposed rule at the time of its release.
Yet an Administration largely characterized by increasing patient access to health information seems inexplicably unable to close the deal on this important access initiative. As a result, patients still must wait for their providers to contact them with test results.
Under the current regulations, known as the Clinical Laboratory Improvement Amendments (CLIA), laboratories are restricted from disclosing test results to patients directly. Instead, labs can only send the test results to health care providers, people authorized to receive test results under state law or other labs. Only a handful of states permit labs to send patients test results directly, and some of these states require the provider’s permission before patients can have the results. The HIPAA Privacy Rule reflects this restriction, exempting CLIA-regulated labs (which are the great majority of clinical labs) from patients’ existing right to access their health information.
This existing regime has put patients at risk. A 2009 study published in the Archive of Internal Medicine indicated that providers failed to notify patients (or document notification) of abnormal test results more than 7 percent of the time. The National Coordinator for Health IT recently put the figure at 20 percent. This failure rate is dangerous, as it could lead to more medical errors and missed opportunities for valuable early treatment.
The 2011 proposed regulations would modify CLIA to permit labs to send results directly to patients, and they would also modify the HIPAA Privacy Rule to give patients the right to access or receive their lab results. Contrary state laws would be preempted. Patients would have the ability to request their lab results in a particular form or format, as with their other health information; for example, patients could request a paper copy of their test results, or to have the results sent electronically to the their personal health records
The poor quality and high cost of health care in the U.S. is well documented. The widespread adoption of electronic medical records—for purposes of improving quality and reducing costs—is key to reversing these trends. But federal privacy regulations do not set clear and consistent rules for access to health information to improve health care quality. Consequently, the regulations serve as a disincentive to robust analysis of information in medical records and may interfere with efforts to accelerate quality improvements. This essay further explains this disincentive and suggests a potential regulatory path forward.
The U.S. has dedicated approximately 47 billion dollars to improve individual and population health through the use of electronic medical records by health care providers and patients. Much of the funding for this initiative, enacted by Congress as part of the Health Information Technology for Economic and Clinical Health Act of 2009, will be used to reimburse physicians and hospitals for the costs of purchasing and implementing electronic medical record systems. The legislation also includes funding to establish infrastructure to enable health care providers to share a patient’s personal health information for treatment and care coordination purposes and for reporting to public health authorities.
Federal policymakers also intend for electronic medical records to be actively used as tools of health system reform. The legislation directs the U.S. Department of Health and Human Services to develop a “nationwide health information technology infrastructure” that improves health care quality, reduces medical errors and disparities, and reduces health care costs from inappropriate or duplicative care.The 2011-2015 Federal Health Information Technology Strategic Plan identifies improving population health, reduction of health care costs, and “achiev[ing] rapid learning” as key goals of federal health information technology initiatives.
The Health 2.0 movement has seen incredible growth recently, with new tools and services continuously being released. Of course, Health 2.0 developers face a number of challenges when it comes to getting providers and patients to adopt new tools, including integrating into a health system that is still mostly paper-based. Another serious obstacle facing developers is how to interpret and, where appropriate, comply with the HIPAA privacy and security regulations.
Questions abound when it comes to Health 2.0 and HIPAA, and it’s vital we get them answered, both for the sake of protecting users’ privacy and to ensure people are able to experience the full benefits of innovative Health 2.0 tools. We can’t afford to see the public’s trust in new health information technology put at risk, nor can we afford to have innovation stifled.
To help solve this problem, the Center for Democracy & Technology (CDT) has launched a crowdsourcing project to determine the most vexing Health 2.0/HIPAA questions.
Once CDT has received your questions, we’ll use them to urge the Office of Civil Rights, which enforces HIPAA, to provide clarification. We’ll accept questions until Feb. 11, 2011, so please weigh in soon, and ask others to do the same.