Comments by Ronnie Pawelko, Posted on February 1, 2008

Page # Line # Comments/Criticisms Suggested Alternatives
3 46 We don't feel that the privacy and security of patients' health records can be adequately protected if each RHIO develops its own system for obtaining patient consent, ensuring the privacy of sensitive health information, and addressing minor confidentiality. There should be uniform standards regarding patient consent and health record confidentiality.
6 2 Security and privacy of health records must be a primary focus as the State moves to a system of interoperable health IT. RHIOs must also include that concern in their mission. Add sentence: An important component of the RHIOs' missions must include protecting the security and privacy of health records.
9 2 RHIOs should be charged with implementing and maintaining uniform privacy and security policies, not with establishing policies, as that would lead to a patchwork of differing policies that could lead to confusion and breaches of health record privacy. Change "establish" to "maintain"
13 20 RHIOs should be charged with implementing and maintaining uniform privacy and security policies, not with establishing policies, as that would lead to a patchwork of differing policies that could lead to confusion and breaches of health record privacy. Add sentence: There must be methods to track who has accessed a patient's health record, when it was accessed and what data (if possible) was accessed. There should also be penalties for inappropriate access as well as disclosure of patient health information.
16 6   Replace last line of first bullet with: "while ensuring patient privacy is protected."
20 23 When it comes to some health information, patients can sometimes be identified or be able to recognize themselves even when health data is de-identified. Policies on the use of such data must keep this consideration in mind.  
20 42-43 This recommendation is intrinsically linked to recommendation # 5 on sensitive health information. We think that policies regarding sensitive health information must include some form of consent before data is both stored and released. In conjunction with our recommendations for setting up a system that would screen out sensitive health data, we feel that providers and payers should receive some form of consent prior to disclosing sensitive health information.
21 15   RHIO software should be able to track medical record access, including dates of access, who has accessed the data, and which data was accessed.
22 39   Any requirements related to sensitive health data must be followed for both Level 1 and 2 uses.
23 22 We are very concerned about the recommendation for sensitive health information. Patients should not have an all-or-nothing option in storing health information if they are concerned about the privacy of sensitive health information. The ability to have sensitive data screened from other health information will be particularly important in primary care settings that offer a comprehensive range of health services, including sensitive health services. We recognize the struggle to balance patient desire for privacy while ensuring medical professionals have access to information relevant to a patient's care, but feel patient autonomy and privacy should take precedence over a well-meaning, but paternalistic approach. The ideal solution would allow patients to have sensitive health information screened from general access, while still having all health information stored in a RHIO.
23 34-37 The security and privacy of health records must be a primary focus as the State moves to a system of interoperable health IT. RHIOs must also include that concern in their mission. In order to protect the confidentiality of sensitive health information, perhaps some categories of health services, that are commonly considered sensitive by patients, should always be screened from access except by identified providers.
24 16 Patients should be aware of what type of reproductive health information is to be shared. Add reproductive health information
24 31 Patients should have information on how to opt out of having some of their health data stored or shared. Add bullet: How to opt out of having some data stored or shared.
32 20 We realize that issues related to the health information of minors are yet to be addressed; FPA requests that we be involved in the development of these policies. New York law contains provisions that allow minors to consent to some medical services without parental involvement; these records are not disclosable to parents or guardians. New York law also allows providers to keep health information of minors confidential if release would be detrimental to the patient. These important protections must be preserved in any interoperable health IT system.