Patient Access of Their Radiology Reports Before and After Implementation of 21st Century Cures Act Information-Blocking Provisions at a Large Multicampus Health System.

BACKGROUND. To implement provisions of the 21st Century Cures Act that address information blocking, federal regulations mandated that health systems provide patients with immediate access to elements of their electronic health information, including imaging results. OBJECTIVE. The purpose of this study was to compare patient access of radiology reports before and after implementation of the information-blocking provisions of the 21st Century Cures Act. METHODS. This retrospective study included patients who underwent outpatient imaging examinations from January 1, 2021, through December 31, 2022, at three campuses within a large health system. The system implemented policies to comply with the Cures Act information-blocking provisions on January 1, 2022. Imaging results were released in patient portals after a 36-hour embargo period before implementation versus being released immediately after report finalization after implementation. Data regarding patient report access in the portal and report acknowledgment by the ordering provider in the EMR were extracted and compared between periods. RESULTS. The study included reports for 1,188,692 examinations in 388,921 patients (mean age, 58.5 ± 16.6 [SD] years; 209,589 women, 179,290 men, eight nonbinary individuals, and 34 individuals for whom sex information was missing). A total of 77.5% of reports were accessed by the patient before implementation versus 80.4% after implementation. The median time from report finalization to report release in the patient portal was 36.0 hours before implementation versus 0.4 hours after implementation. The median time from report release to first patient access of the report in the portal was 8.7 hours before implementation versus 3.0 hours after implementation. The median time from report finalization to first patient access was 45.0 hours before implementation versus 5.5 hours after implementation. Before implementation, a total of 18.5% of reports were first accessed by the patient before being accessed by the ordering provider versus 44.0% after implementation. After implementation, the median time from report release to first patient access was 1.8 hours for patients with age younger than 60 years old versus 4.3 hours for patients 60 years old or older. CONCLUSION. After implementation of institutional policies to comply with 21st Century Cures Act information-blocking provisions, the length of time until patients accessed imaging results decreased, and the proportion of patients who accessed their reports before the ordering provider increased. CLINICAL IMPACT. Radiologists should consider mechanisms to ensure timely and appropriate communication of important findings to ordering providers.

When Parents Request Nondisclosure: Rights of Adolescents to Access Their Health Information and Implications of the 21st Century Cures Act Final Rule.

AbstractDespite broad ethical consensus supporting developmentally appropriate disclosure of health information to older children and adolescents, cases in which parents and caregivers request nondisclosure continue to pose moral dilemmas for clinicians. State laws vary considerably regarding adolescents' rights to autonomy, privacy, and confidentiality, with many states not specifically addressing adolescents' right to their own healthcare information. The requirements of the 21st Century Cures Act have raised important ethical concerns for pediatricians and adolescent healthcare professionals regarding the protection of adolescent privacy and confidentiality, given requirements that chart notes and results be made readily available to patients via electronic portals. Less addressed have been the implications of the act for adolescents' access to their health information, since many healthcare systems' electronic portals are available to patients beginning at age 12, sometimes requiring that the patients themselves authorize their parents' access to the same information. In this article, we present a challenging case of protracted disagreement about an adolescent's right to honest information regarding his devastating prognosis. We then review the legal framework governing adolescents' rights to their own healthcare information, the limitations of ethics consultation to resolve such disputes, and the potential for the Cures Act's impact on electronic medical record systems to provide one form of resolution. We conclude that although parents in cases like the one presented here have the legal right to consent to medical treatment on their children's behalf, they do not have a corresponding right to direct the withholding of medical information from the patient.

[Nationally standardized broad consent in practice: initial experiences, current developments, and critical assessment]. / National standardisierter Broad Consent in der Praxis: erste Erfahrungen, aktuelle Entwicklungen und kritische Betrachtungen.

BACKGROUND: The digitalization in the healthcare sector promises a secondary use of patient data in the sense of a learning healthcare system. For this, the Medical Informatics Initiative's (MII) Consent Working Group has created an ethical and legal basis with standardized consent documents. This paper describes the systematically monitored introduction of these documents at the MII sites. METHODS: The monitoring of the introduction included regular online surveys, an in-depth analysis of the introduction processes at selected sites, and an assessment of the documents in use. In addition, inquiries and feedback from a large number of stakeholders were evaluated. RESULTS: The online surveys showed that 27 of the 32 sites have gradually introduced the consent documents productively, with a current total of 173,289 consents. The analysis of the implementation procedures revealed heterogeneous organizational conditions at the sites. The requirements of various stakeholders were met by developing and providing supplementary versions of the consent documents and additional information materials. DISCUSSION: The introduction of the MII consent documents at the university hospitals creates a uniform legal basis for the secondary use of patient data. However, the comprehensive implementation within the sites remains challenging. Therefore, minimum requirements for patient information and supplementary recommendations for best practice must be developed. The further development of the national legal framework for research will not render the participation and transparency mechanisms developed here obsolete.

Health Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the American College of Physicians.

Technologic advancements and the evolving digital health landscape have offered innovative solutions to several of our health care system's issues as well as increased the number of digital interactions and type of personal health information that is generated and collected, both within and outside of traditional health care. This American College of Physicians' position paper discusses the state of privacy legislation and regulations, highlights existing gaps in health information privacy protections, and outlines policy principles and recommendations for the development of health information privacy and security protections that are comprehensive, transparent, understandable, adaptable, and enforceable. The principles and recommendations aim to improve on the privacy framework in which physicians have practiced for decades and expand similar privacy guardrails to entities not currently governed by privacy laws and regulations. The expanded privacy framework should protect personal health information from unauthorized, discriminatory, deceptive, or harmful uses and align with the principles of medical ethics, respect individual rights, and support the culture of trust necessary to maintain and improve care delivery.

Ethical and Legal Implications of Remote Monitoring of Medical Devices.

Policy Points Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Our analysis of health privacy laws indicates that most US patients may have little access to their own digital health data in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation and the California Consumer Privacy Act grant greater access to device-collected data. Our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. CONTEXT: Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored. METHODS: Using pacemakers and implantable cardioverter-defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records. FINDINGS: Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device-collected data when the processing of personal data falls under the GDPR's territorial scope. The California Consumer Privacy Act, the "little sister" of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device-derived data. CONCLUSIONS: Current health privacy legislation incompletely supports patients' normative claims for access to digital health data.

Legal and ethical framework for global health information and biospecimen exchange - an international perspective.

BACKGROUND: The progress of electronic health technologies and biobanks holds enormous promise for efficient research. Evidence shows that studies based on sharing and secondary use of data/samples have the potential to significantly advance medical knowledge. However, sharing of such resources for international collaboration is hampered by the lack of clarity about ethical and legal requirements for transfer of data and samples across international borders. MAIN TEXT: Here, the International Clinical Trial Center Network (ICN) reports the legal and ethical requirements governing data and sample exchange (DSE) across four continents. The most recurring requirement is ethical approval, whereas only in specific conditions approval of national health authorities is required. Informed consent is not required in all sharing situations. However, waiver of informed consent is only allowed in certain countries/regions and under certain circumstances. The current legal and ethical landscape appears to be very complex and under constant evolution. Regulations differ between countries/regions and are often incomplete, leading to uncertainty. CONCLUSION: With this work, ICN illuminates the unmet need for a single international collaborative framework to facilitate DSE. Harmonising requirements for global DSE will reduce inefficiency and waste in research. There are many challenges to realising this ambitious vision, including inconsistent terminology and definitions, and heterogeneous and dynamic legal constraints. Here, we identify areas of agreement and significant difference as a necessary first step towards facilitating international collaboration. We propose the establishment of a working group to continue the comparison across jurisdictions, create a standardised glossary and define a set of basic principles and fundamental requirements for DSE.

Doctors Routinely Share Health Data Electronically Under HIPAA, and Sharing With Patients and Patients' Third-Party Health Apps is Consistent: Interoperability and Privacy Analysis.

Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. Today, providers across the nation use electronic health records and electronic information exchange for health care, and patients are choosing digital health apps to help them manage their own health and health information. Some doctors and health systems have voiced concern about whether they may transmit a patient's data upon the patient's request to the patient or the patient's health app. This hesitation impedes shared information and care coordination with patients. It impairs patients' ability to use the state-of-the-art digital health tools they choose to track and manage their health. It undermines the ability of patients' family caregivers to monitor health and to work remotely to provide care by using the nearly unique capabilities of health apps on people's smartphones. This paper explains that sharing data electronically with patients and patients' third-party apps is legally consistent under the Health Insurance Portability and Accountability Act (HIPAA) with routine electronic data sharing with other doctors for treatment or with insurers for reimbursement. The paper explains and illustrates basic principles and scenarios around sharing with patients, including patients' third-party apps. Doctors routinely and legally share health data electronically under HIPAA whether or not their organizations retain HIPAA responsibility. Sharing with patients and patients' third-party apps is no different and should be just as routine.

European Electronic Personal Health Records initiatives and vulnerable migrants: A need for greater ethical, legal and social safeguards.

The effective collection and management of personal data of rapidly migrating populations is important for ensuring adequate healthcare and monitoring of a displaced peoples' health status. With developments in ICT data sharing capabilities, electronic personal health records (ePHRs) are increasingly replacing less transportable paper records. ePHRs offer further advantages of improving accuracy and completeness of information and seem tailored for rapidly displaced and mobile populations. Various emerging initiatives in Europe are seeking to develop migrant-centric ePHR responses. This paper highlights their importance and benefits, but also identifies a number of significant ethical, legal and social issues (ELSI) and challenges to their design and implementation, regarding (1) the kind of information that should be stored, (2) who should have access to information, and (3) potential misuse of information. These challenges need to be urgently addressed to make possible the beneficial use of ePHRs for vulnerable migrants in Europe.

General Data Protection Regulation in Health Clinics.

The focus on personal data has merited the EU concerns and attention, resulting in the legislative change regarding privacy and the protection of personal data. The General Data Protection Regulation (GDPR) aims to reform existing measures on the protection of personal data of European Union citizens, with a strong impact on the rights and freedoms of individuals in establishing rules for the processing of personal data. The GDPR considers a special category of personal data, the health data, being these considered as sensitive data and subject to special conditions regarding treatment and access by third parties. This work presents the evolution of the applicability of the Regulation (EU) 2016/679 six months after its application in Portuguese health clinics. The results of the present study are discussed in the light of future literature and work are identified.

Evaluating people's concern about their health information privacy based on power-responsibility equilibrium model: A case of Taiwan.

To address the issue of rising expenditure of healthcare service and to fulfill the skyrocketing demand for quality healthcare, the electronic medical records (EMR) exchange has become a vital and indispensable solution for healthcare facilities in terms of being able to share medical information among healthcare providers. Hence, EMR exchange was expected to improve the quality of healthcare and reduce the cost of repetitive medical check-ups and unnecessary treatments. However, recent reports affirming EMR data leaks and compromises have ignited major worldwide privacy concerns over the security of the EMR systems. How to effectively diminish patients' concern for EMR privacy has thus become an important issue that healthcare institution managers/stakeholders have to address urgently. This study leverages the power-responsibility equilibrium perspective to investigate the antecedents and consequences of concerns for the EMR exchange. A survey using 391 responses collected from medical centers, regional and district hospitals in Taiwan was used to conduct this study. The results show that government regulations have a positive effect on hospital privacy policies. Furthermore, both government regulations and hospital privacy policy are negatively associated with concern for EMR information privacy. Additional reports gathered from this study also showed that concern for EMR information privacy could result in patients' protective responses including refusal to provide personal health information (PHI), removal of PHI, negative word of mouth, complaining directly to the hospital, or complaining indirectly to third-party organizations. These findings demonstrate the need for healthcare facilities to formulate robust privacy policies in order to alleviate patients' concern for EMR information privacy based on governmental regulations. This regulation is top-priority as the incapability of reducing patients' concern for EMR information privacy may lead to the collapse of the campaign for the full-adoption of EMR or possibly jeopardize the promotion and application of EMR among healthcare facilities.

Mobile Point-of-Care Medical Photography: Legal Considerations for Health Care Providers.

Medical photographs have been used for decades to document clinical findings. The ease with which medical photographs can be captured and integrated into the electronic health record (EHR) has increased as digital cameras obviated the need for the film development process. Today, cameras integrated into smartphones allow for high-resolution images to be instantly uploaded and integrated into the EHR. With major EHR vendors offering mobile smartphone applications for the conduct of point-of-care medical photography, health care providers and institutions need to be aware of legal questions that arise in the conduct of medical photography. Namely, (1) what are the requirements for consent when taking medical photographs, and how may photographs be used after consent is obtained, (2) are medical photographs admissible as evidence in court, and (3) how should a provider respond to a request by a patient or parent requesting that a photograph be deleted from the medical record? Herein, we review relevant laws and legal cases in the context of accepted standards of medical practice pertaining to point-of-care medical photography. This review is intended to aid health care providers and institutions seeking to develop or revise policies regarding using a mobile application at their clinical practice.

CMS Billing Guidelines and Student Documentation: a New Era or New Burden?

The Centers for Medicare and Medicaid Services (CMS) recently revised their Medicare Claims Processing Manual with the addition of CR 10412, a provision that permits teaching providers to fully bill for medical student notes. This change will have significant implications on the documentation duties of teaching physicians and trainees. Potential benefits of this provision include reduced documentation burden on house officers, improved medical student empowerment, and the infusion of more original content into the electronic medical record. However, these benefits may be offset by shifting the burden of documentation onto medical students, which may compromise their time spent with patients and overall wellness. In this perspective, we review the changes that occurred with CR 10412 and their potential impact on documentation across the medical education spectrum.

Limitations for health research with restricted data collection from UK primary care.

PURPOSE: UK primary care provides a rich data source for research. The impact of proposed data collection restrictions is unknown. This study aimed to assess the impact of restricting the scope of electronic health record (EHR) data collection on the ability to conduct research. The study estimated the consequences of restricted data collection on published Clinical Practice Research Datalink studies from high impact journals or referenced in clinical guidelines. METHODS: A structured form was used to systematically analyse the extent to which individual studies would have been possible using a database with data collection restrictions in place: (1) retrospective collection of specified diseases only; (2) retrospective collection restricted to a 6- or 12-year period; (3) prospective and retrospective collection restricted to non-sensitive data. Outcomes were categorised as unfeasible (not reproducible without major bias); compromised (feasible with design modification); or unaffected. RESULTS: Overall, 91% studies were compromised with all restrictions in place; 56% studies were unfeasible even with design modification. With restrictions on diseases alone, 74% studies were compromised; 51% were unfeasible. Restricting collection to 6/12 years had a major impact, with 67 and 22% of studies compromised, respectively. Restricting collection of sensitive data had a lesser but marked impact with 10% studies compromised. CONCLUSION: EHR data collection restrictions can profoundly reduce the capacity for public health research that underpins evidence-based medicine and clinical guidance. National initiatives seeking to collect EHRs should consider the implications of restricting data collection on the ability to address vital public health questions.

Growing Disparities in Patient-Provider Messaging: Trend Analysis Before and After Supportive Policy.

BACKGROUND: Public policy introduced since 2011 has supported provider adoption of electronic medical records (EMRs) and patient-provider messaging, primarily through financial incentives. It is unclear how disparities in patients' use of incentivized electronic health (eHealth) tools, like patient-provider messaging, have changed over time relative to disparities in use of eHealth tools that were not directly incentivized. OBJECTIVE: This study examines trends in eHealth disparities before and after the introduction of US federal financial incentives. We compare rates of patient-provider messaging, which was directly incentivized, with rates of looking for health information on the Web, which was not directly incentivized. METHODS: We used nationally representative Health Information National Trends Survey data from 2003 to 2018 (N=37,300) to describe disparities in patient-provider messaging and looking for health information on the Web. We first reported the percentage of individuals across education and racial and ethnic groups who reported using these tools in each survey year and compared changes in unadjusted disparities during preincentive (2003-2011) and postincentive (2011-2018) periods. Using multivariable linear probability models, we then examined adjusted effects of education and race and ethnicity in 3 periods-preincentive (2003-2005), early incentive (2011-2013), and postincentive (2017-2018)-controlling for sociodemographic and health factors. In the postincentive period, an additional model tested whether internet adoption, provider access, or providers' use of EMRs explained disparities. RESULTS: From 2003 to 2018, overall rates of provider messaging increased from 4% to 36%. The gap in provider messaging between the highest and lowest education groups increased by 10 percentage points preincentive (P<.001) and 22 additional points postincentive (P<.001). The gap between Hispanics and non-Hispanic whites increased by 3.2 points preincentive (P=.42) and 11 additional points postincentive (P=.01). Trends for blacks resembled those for Hispanics, whereas trends for Asians resembled those for non-Hispanic whites. In contrast, education-based disparities in looking for health information on the Web (which was not directly incentivized) did not significantly change in preincentive or postincentive periods, whereas racial disparities narrowed by 15 percentage points preincentive (P=.008) and did not significantly change postincentive. After adjusting for other sociodemographic and health factors, observed associations were similar to unadjusted associations, though smaller in magnitude. Including internet adoption, provider access, and providers' use of EMRs in the postincentive model attenuated, but did not eliminate, education-based disparities in provider messaging and looking for health information on the Web. Racial and ethnic disparities were no longer statistically significant in adjusted models. CONCLUSIONS: Disparities in provider messaging widened over time, particularly following federal financial incentives. Meanwhile, disparities in looking for health information on the Web remained stable or narrowed. Incentives may have disproportionately benefited socioeconomically advantaged groups. Future policy could address disparities by incentivizing providers treating these populations to adopt messaging capabilities and encouraging patients' use of messaging.

Deterrence approach on the compliance with electronic medical records privacy policy: the moderating role of computer monitoring.

BACKGROUND: This study explored the possible antecedents that will motivate hospital employees' compliance with privacy policy related to electronic medical records (EMR) from a deterrence perspective. Further, we also investigated the moderating effect of computer monitoring on relationships among the antecedents and the level of hospital employees' compliance intention. METHODS: Data was collected from a large Taiwanese medical center using survey methodology. A total of 303 responses was analyzed via hierarchical regression analysis. RESULTS: The results revealed that sanction severity and sanction certainty significantly predict hospital employees' compliance intention, respectively. Further, our study found external computer monitoring significantly moderates the relationship between sanction certainty and compliance intention. CONCLUSIONS: Based on our findings, the study suggests that healthcare facilities should take proactive countermeasures, such as computer monitoring, to better protect the privacy of EMR in addition to stated privacy policy. However, the extent of computer monitoring should be kept to minimum requirements as stated by relevant regulations.

Electronic Medical Record Use and Satisfaction Among Pediatric Orthopaedic Surgeons.

INTRODUCTION: Electronic medical record (EMR) use among pediatric orthopaedic surgeons has evolved substantially within the past decade. In response to the Patient Protection and Affordable Care Act, large hospitals and tertiary pediatric medical centers rapidly acquired and implemented EMRs with uncertainty as to the potential impact on patient care and operational efficiency of subspecialists. This study reviews the background and regulatory framework for Meaningful Use of EMR and assesses the current landscape of EMR utilization by pediatric orthopaedic surgeons. METHODS: In 2015, the Practice Management Committee distributed a survey regarding EMR use and satisfaction to members of the Pediatric Orthopaedic Society of North America. Survey responses from 324 members were used to analyze levels of satisfaction by EMR platform and practice type and to consider drivers of satisfaction or dissatisfaction of end users. RESULTS: Although there were no differences in overall satisfaction based on vendor or practice type, significant differences were noted for 5 specific parameters of satisfaction, including: usefulness of templates, efficiency of practice workflow, information services support, number of logon events, and speed of the system. A user/vendor map is provided to facilitate networking among providers and groups utilizing common EMR platforms to help bring about rational improvements in EMR functionality for the future. CONCLUSIONS: Substantial effort needs to be made to improve subspecialty-specific EMR documentation, order entry, research tools, and clinical workflows to enhance the processes of care for children with orthopaedic conditions in the era of EMR. LEVEL OF EVIDENCE: Level IV.

Health Care AI and Patient Privacy-Dinerstein v Google.

This Viewpoint summarizes a recent lawsuit alleging that a hospital violated patients' privacy by sharing electronic health record (EHR) data with Google for development of medical artificial intelligence (AI) and discusses how the federal court's decision in the case provides key insights for hospitals planning to share EHR data with for-profit companies developing medical AI.

Electronic records, confidentiality and data security: the nurse's responsibility.

Richard Griffith, Senior Lecturer in Health Law at Swansea University, considers the need for data security and a nurse's duty of confidentiality in relation to electronic records.