The 21st Century Cures Act and Emergency Medicine - Part 1: Digitally Sharing Notes and Results.

Among the provisions of the 21st Century Cures Act is the mandate for digital sharing of clinician notes and test results through the patient portal of the clinician's electronic health record system. Although there is considerable evidence of the benefit to clinic patients from open notes and minimal apparent additional burden to primary care clinicians, emergency department (ED) note sharing has not been studied. With easier access to notes and results, ED patients may have an enhanced understanding of their visit, findings, and clinician's medical decisionmaking, which may improve adherence to recommendations. Patients may also seek clarifications and request edits to their notes. EDs can develop workflows to address patient concerns without placing new undue burden on clinicians, helping to realize the benefits of sharing notes and test results digitally.

A legal overview of the use of messaging platforms in healthcare.

Medical interventions are becoming more complex day by day. Moreover, compared with the past, more healthcare professionals take part in the same intervention in the field of medicine. The use of technology in medical interventions has also increased. This change in the health sector brings together several legal discussions. In this study, the legal consequences that arise from the treatment processes carried out by the residents and resident educators (registerers / attending physicians), the exchange of information between them, and the usage of some messaging platforms, especially WhatsApp, in this process will be analyzed.

Sharing ICU Patient Data Responsibly Under the Society of Critical Care Medicine/European Society of Intensive Care Medicine Joint Data Science Collaboration: The Amsterdam University Medical Centers Database (AmsterdamUMCdb) Example.

OBJECTIVES: Critical care medicine is a natural environment for machine learning approaches to improve outcomes for critically ill patients as admissions to ICUs generate vast amounts of data. However, technical, legal, ethical, and privacy concerns have so far limited the critical care medicine community from making these data readily available. The Society of Critical Care Medicine and the European Society of Intensive Care Medicine have identified ICU patient data sharing as one of the priorities under their Joint Data Science Collaboration. To encourage ICUs worldwide to share their patient data responsibly, we now describe the development and release of Amsterdam University Medical Centers Database (AmsterdamUMCdb), the first freely available critical care database in full compliance with privacy laws from both the United States and Europe, as an example of the feasibility of sharing complex critical care data. SETTING: University hospital ICU. SUBJECTS: Data from ICU patients admitted between 2003 and 2016. INTERVENTIONS: We used a risk-based deidentification strategy to maintain data utility while preserving privacy. In addition, we implemented contractual and governance processes, and a communication strategy. Patient organizations, supporting hospitals, and experts on ethics and privacy audited these processes and the database. MEASUREMENTS AND MAIN RESULTS: AmsterdamUMCdb contains approximately 1 billion clinical data points from 23,106 admissions of 20,109 patients. The privacy audit concluded that reidentification is not reasonably likely, and AmsterdamUMCdb can therefore be considered as anonymous information, both in the context of the U.S. Health Insurance Portability and Accountability Act and the European General Data Protection Regulation. The ethics audit concluded that responsible data sharing imposes minimal burden, whereas the potential benefit is tremendous. CONCLUSIONS: Technical, legal, ethical, and privacy challenges related to responsible data sharing can be addressed using a multidisciplinary approach. A risk-based deidentification strategy, that complies with both U.S. and European privacy regulations, should be the preferred approach to releasing ICU patient data. This supports the shared Society of Critical Care Medicine and European Society of Intensive Care Medicine vision to improve critical care outcomes through scientific inquiry of vast and combined ICU datasets.

Information blocking remains prevalent at the start of 21st Century Cures Act: results from a survey of health information exchange organizations.

OBJECTIVE: Recent policy making aims to prevent health systems, lectronic health record (EHR) vendors, and others from blocking the electronic sharing of patient data necessary for clinical care. We sought to assess the prevalence of information blocking prior to enforcement of these rules. MATERIALS AND METHODS: We conducted a national survey of health information exchange organizations (HIEs) to measure the prevalence of information blocking behaviors observed by these third-party entities. Eighty-nine of 106 HIEs (84%) meeting the inclusion criteria responded. RESULTS: The majority (55%) of HIEs reported that EHR vendors at least sometimes engage in information blocking, while 30% of HIEs reported the same for health systems. The most common type of information blocking behavior EHR vendors engaged in was setting unreasonably high prices, which 42% of HIEs reported routinely observing. The most common type of information blocking behavior health systems engaged in was refusing to share information, which 14% of HIEs reported routinely observing. Reported levels of vendor information blocking was correlated with regional competition among vendors and information blocking was concentrated in some geographic regions. DISCUSSION: Our findings are consistent with early reports, revealing persistently high levels of information blocking and important variation by actor, type of behavior, and geography. These trends reflect the observations and experiences of HIEs and their potential biases. Nevertheless, these data serve as a baseline against which to measure the impact of new regulations and to inform policy makers about the most common types of information blocking behaviors. CONCLUSION: Enforcement aimed at reducing information blocking should consider variation in prevalence and how to most effectively target efforts.

An open-source GIS-enabled lookup service for Nagoya Protocol party information.

The Nagoya Protocol on Access and Benefit Sharing is a transparent legal framework, which governs the access to genetic resources and the fair and equitable sharing of benefits arising from their utilization. Complying with the Nagoya regulations ensures legal use and re-use of data from genetic resources. Providing detailed provenance information and clear re-usage conditions plays a key role in ensuring the re-usability of research data according to the FAIR (findable, accessible, interoperable and re-usable) Guiding Principles for scientific data management and stewardship. Even with the framework provided by the ABS (access and benefit sharing) Clearing House and the support of the National Focal Points, establishing a direct link between the research data from genetic resources and the relevant Nagoya information remains a challenge. This is particularly true for re-using publicly available data. The Nagoya Lookup Service was developed for stakeholders in biological sciences with the aim at facilitating the legal and FAIR data management, specifically for data publication and re-use. The service provides up-to-date information on the Nagoya party status for a geolocation provided by GPS coordinates, directing the user to the relevant local authorities for further information. It integrates open data from the ABS Clearing House, Marine Regions, GeoNames and Wikidata. The service is accessible through a REST API and a user-friendly web form. Stakeholders include data librarians, data brokers, scientists and data archivists who may use this service before, during and after data acquisition or publication to check whether legal documents need to be prepared, considered or verified. The service allows researchers to estimate whether genetic data they plan to produce or re-use might fall under Nagoya regulations or not, within the limits of the technology and without constituting legal advice. It is implemented using portable Docker containers and can easily be deployed locally or on a cloud infrastructure. The source code for building the service is available under an open-source license on GitHub, with a functional image on Docker Hub and can be used by anyone free of charge.

Balancing health privacy, health information exchange, and research in the context of the COVID-19 pandemic.

The novel coronavirus disease 2019 infection poses serious challenges to the healthcare system that are being addressed through the creation of new unique and advanced systems of care with disjointed care processes (eg, telehealth screening, drive-through specimen collection, remote testing, telehealth management). However, our current regulations on the flows of information for clinical care and research are antiquated and often conflict at the state and federal levels. We discuss proposed changes to privacy regulations such as the Health Insurance Portability and Accountability Act designed to let health information seamlessly and frictionlessly flow among the health entities that need to collaborate on treatment of patients and, also, allow it to flow to researchers trying to understand how to limit its impacts.

General Data Protection Regulation in Health Clinics.

The focus on personal data has merited the EU concerns and attention, resulting in the legislative change regarding privacy and the protection of personal data. The General Data Protection Regulation (GDPR) aims to reform existing measures on the protection of personal data of European Union citizens, with a strong impact on the rights and freedoms of individuals in establishing rules for the processing of personal data. The GDPR considers a special category of personal data, the health data, being these considered as sensitive data and subject to special conditions regarding treatment and access by third parties. This work presents the evolution of the applicability of the Regulation (EU) 2016/679 six months after its application in Portuguese health clinics. The results of the present study are discussed in the light of future literature and work are identified.

Opt-in consent policies: potential barriers to hospital health information exchange.

OBJECTIVES: To (1) assess whether hospitals in states requiring explicit patient consent ("opt-in") for health information exchange (HIE) are more likely to report regulatory barriers to HIE and (2) analyze whether these policies correlate with hospital volume of HIE. STUDY DESIGN: Cross-sectional analysis of US nonfederal acute care hospitals in 2016. METHODS: We combined legal scholarship surveying HIE-relevant state laws with the American Hospital Association Annual Information Technology Supplement for regulatory barriers and hospital characteristics. Data from CMS reports for hospitals attesting to Meaningful Use stage 2 (MU2; renamed "Promoting Interoperability" in 2018) in 2016 captured hospital HIE volume. We used multivariate logistic regression and linear regression to estimate the association of opt-in state consent policies with reported regulatory barriers and HIE volume, respectively. RESULTS: Hospitals in states with opt-in consent policies were 7.8 percentage points more likely than hospitals in opt-out states to report regulatory barriers to HIE (P = .03). In subgroup analyses, this finding held among hospitals that did not attest to MU2 (7.7 percentage points; P = .02). Among hospitals attesting, we did not find a relationship between opt-in policies and regulatory barriers (8.0 percentage points; P = .13) or evidence of a relationship between opt-in policies and HIE volume (ß = 0.56; P = .76). CONCLUSIONS: Our findings suggest that opt-in consent laws may carry greater administrative burdens compared with opt-out policies. However, less technologically advanced hospitals may bear more of this burden. Furthermore, opt-in policies may not affect HIE volume for hospitals that have already achieved a degree of technological sophistication. Policy makers should carefully consider the incidence of administrative burdens when crafting laws pertaining to HIE.

The Impact of a National Health Information Exchange Program Under a Single-payer System.

OBJECTIVE: This study aimed to evaluate the impact of the PharmaCloud program, a health information exchange program implemented in 2013, on medication duplication under a single-payer, universal health insurance program in Taiwan. STUDY DESIGN: This study employed a retrospective pre-post study design and used nationwide health insurance claim data from 2013 to 2015. A difference-in-difference analysis was conducted to evaluate the effects of inquiry rate on the probability of receiving duplicate medications and on the number of days of overlapping medication prescriptions after implementation of the PharmaCloud program. RESULTS: The study subjects included patients receiving medications in 7 categories: antihypertension drugs, 217,200; antihyperlipidemic drugs, 69,086; hypoglycemic agents, 103,962; antipsychotic drugs, 15,479; antidepressant drugs, 12,057; sedative and hypnotic drugs, 56,048; and antigout drugs, 18,250. Up to 2015, the overall PharmaCloud inquiry rate has increased to 55.36%-69.16%. Compared with subjects in 2013, subjects in 2014 and 2015 had a significantly lower likelihood of receiving duplicate medication in all 7 medication groups; for instance, for antihypertension drug users, the odds ratio (OR) was 0.91 with 95% confidence interval (CI)=0.90-0.92 in 2014, and the OR was 0.81 with 95% confidence interval=0.81-0.82 in 2015. However, a higher inquiry rate led to a lower likelihood of receiving duplicate medication and shorter periods of overlapping medications only in some of the medication groups. CONCLUSIONS: The health information exchange program has reduced medication duplication, yet the reduction was not entirely associated with record inquiries. The hospitals have responded to the challenge of medication duplication by enhancing internal prescription control via a prescription alert system, which may have contributed to the reduction in duplicate medications and is a positive, unintended consequence of the intervention.

Review of HIPAA, Part 1: History, Protected Health Information, and Privacy and Security Rules.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 has made an impact on the operation of health-care organizations. HIPAA includes 5 titles, and its regulations are complex. Many are familiar with the HIPAA aspects that address protection of the privacy and security of patients' medical records. There are new rules to HIPAA that address the implementation of electronic medical records. HIPAA provides rules for protected health information (PHI) and what should be protected and secured. The privacy rule regulates the use and disclosure of PHI and sets standards that an entity working with health data must follow to protect patients' private medical information. The HIPAA security rule complements the privacy rule and requires entities to implement physical, technical, and administrative safeguards to protect the privacy of PHI. This article-part 1 of a 2-part series-is a refresher on HIPAA, its history, its rules, its implications, and the role that imaging professionals play.

[Legal limits of (online) marketing for doctors]. / Rechtliche Grenzen des (Online-) Marketings für Ärzte.

The online marketing of physicians must be measured against the same advertising regulations as conventional marketing. In this context, the Medical Professional Code of Conduct, the Medical Products Advertising Act ("Heilmittelwerbegesetz") and the Law against Unfair Competition are particularly relevant. In addition, data and personal rights aspects have to be considered in the area of online marketing. Despite increasing liberalisation tendencies, there continue to be considerable legal advertising limits for doctors, which are outlined in this article. The relatively high number of current court rulings cited in the article also shows that there are questions yet to be clarified with regard to all regulations. The judgements, which are often strongly related to the individual cases, have not answered all questions conclusively. Nevertheless, it can be stated that the legal limits of medical marketing have never been more liberal than they are now.

The 21st Century Cures Act and electronic health records one year later: will patients see the benefits?

While federal regulation provides patients the right to access their electronic health records and promotes increased use of health information technology, patient access to electronic health records remains limited. The 21st Century Cures Act, signed into law over a year ago, has important provisions that could significantly improve access and availability of health data. Specifically, the provisions call for partnerships among health information exchange networks, educational and research initiatives, and health information technology certification requirements that encourage interoperability. The article reviews the potential benefits and concerns regarding implementation of these provisions, particularly the difficulty of aligning incentives and requirements for data sharing and the question of whether currently proposed rules and guidance will support the goal of improved patient access and health information exchange. Researchers, clinicians, and patients have the power to advocate for improved patient access and interoperability as policy development and implementation of the 21st Century Cures Act continues.

Access and Disclosure of Personal Health Information: A Challenging Privacy Landscape in 2016-2018.

OBJECTIVES: To assess the current health data access and disclosure environment for potential privacy-protecting mechanisms that enable legitimate use of personal health information while preserving the rights of individuals. To identify the gaps and challenges between increasing requests and expanding uses of such information and the regulations, technologies, and management practices that permit appropriate access and disclosure while guarding against harmful misuse of such information. METHODS: A scoping literature review focused on (1) regulations affecting access and disclosure of personal health information, (2) the uses of health information that challenge access and disclosure boundaries, and (3) privacy management practices that may help mitigate gaps in protecting patient privacy. RESULTS: Countries and jurisdictions are developing laws, regulations, and public policies to balance the privacy rights of individuals and the unprecedented opportunities to advance health and health care through expanded uses of health data. Regulations and guidance are evolving, but they are outpaced by the increasing demand for and the challenges of managing access and disclosure. Mechanisms such as consent and authorization may not always be adequate. Mechanisms that advance principled stewardship are more important than ever. CONCLUSIONS: Access and disclosure management are important dimensions of privacy management practices. This is a volatile period in which diverging public policies may reveal how best to balance access and disclosure of personal health information by individuals and by institutional custodians of the information. Approaches to access and disclosure management, including the roles of individuals, should be a focus for research and study in the years ahead.

Legal Barriers to the Growth of Health Information Exchange-Boulders or Pebbles?

Policy Points: Historically, in addition to economic and technical hurdles, state and federal health information privacy laws have been cited as a significant obstacle to expanding electronic health information exchange (HIE) in the United States. Our review finds that over the past decade, several helpful developments have ameliorated the legal barriers to HIE, although variation in states' patient consent requirements remains a challenge. Today, health care providers' complaints about legal obstacles to HIE may be better understood as reflecting concerns about the economic and competitive risks of information sharing. CONTEXT: Although the clinical benefits of exchanging patients' health information electronically across providers have long been recognized, participation in health information exchange (HIE) has lagged behind adoption of electronic health records. Barriers erected by federal and state health information privacy law have been cited as a leading reason for the slow progress. A comprehensive assessment of these issues has not been undertaken for nearly a decade, despite a number of salient legal developments. METHODS: Analysis of federal and state health information privacy statutes and regulations and secondary materials. FINDINGS: Although some legal barriers to HIE persist, many have been ameliorated-in some cases, simply through improved understanding of what the law actually requires. It is now clear that the Health Insurance Portability and Accountability Act presents no obstacles to electronically sharing protected health information for treatment purposes and does not hold providers who properly disclose information liable for privacy breaches by recipients. The failure of federal efforts to establish a unique patient identifier number does slow HIE by inhibiting optimal matching of patient records, but other action to facilitate matching will be taken under the 21st Century Cures Act. The Cures Act also creates the legal architecture to begin to combat "information blocking." Varying patient consent requirements under federal and state law are the most important remaining legal barrier to HIE progress. However, federal rules relating to disclosure of substance-abuse treatment information were recently liberalized, and development of a technical standard, Data Segmentation for Privacy, or DS4P, now permits sensitive data requiring special handling to be segmented within a patient's record. Even with these developments, state-law requirements for patient consent remain daunting to navigate. CONCLUSIONS: Although patient consent requirements make HIE challenging, providers' expressed worries about legal barriers to participating in HIE likely primarily reflect concerns that are economically motivated. Lowering the cost of HIE or increasing financial incentives may boost provider participation more than further reducing legal barriers.