Health Care AI and Patient Privacy-Dinerstein v Google.

This Viewpoint summarizes a recent lawsuit alleging that a hospital violated patients' privacy by sharing electronic health record (EHR) data with Google for development of medical artificial intelligence (AI) and discusses how the federal court's decision in the case provides key insights for hospitals planning to share EHR data with for-profit companies developing medical AI.

Consideraciones normativas y legales del expediente clínico electrónico en odontología / Normative and legal considerations of the electronic clinical record in odontology

La elaboración del expediente clínico es una actividad rutinaria dentro del consultorio dental, éste es la materialización del acto médico, a tra- vés del cual se registra el estado de salud inicial del paciente, así como toda la información relativa al tratamiento recibido. Desde hace algunos años comenzó a promocionarse el expediente clínico electrónico como una herramienta alternativa y novedosa para elaborar este importante documento; sin embargo, la implementación de esta herramienta electrónica no ha podido lograrse en México, dada la gran cantidad de dudas que los odontólogos tienen respecto al conjunto de leyes y normas que regulan al expediente clínico, lo cual genera renuencia por parte de los odontólogos para utilizar esta modalidad de expediente dentro de su consulta diaria. El objetivo del presente artículo es realizar una revisión de la literatura, así como de las leyes y normas vigentes que regulan el expediente clínico en México para esclarecer así la viabilidad de implementarlo dentro del consultorio dental

The preparation of the electronic medical record is a routine activity in the dental office, this is the materialization of the medical act, through which the initial health status of the patient is recorded, as well as all the information related to the received treatment. A few years ago, the electronic clinical record began to be promoted as a novel alternative tool to prepare this important document, however, the implementation of this electronic tool has not been achieved in Mexico, given the large number of doubts that dentists have regarding the set of laws thar regulate the clinical record, which generates reluctance on the part of dentists to use this record modality within their daily consultation. The aim of this article is to carry out a review of the literature, as well as the current laws that regulate the clinical record in Mexico, in order to clarify the feasibility of implementing it within the dental office

The benefits and harms of open notes in mental health: A Delphi survey of international experts.

IMPORTANCE: As of April 5, 2021, as part of the 21st Century Cures Act, new federal rules in the U.S. mandate that providers offer patients access to their online clinical records. OBJECTIVE: To solicit the view of an international panel of experts on the effects on mental health patients, including possible benefits and harms, of accessing their clinical notes. DESIGN: An online 3-round Delphi poll. SETTING: Online. PARTICIPANTS: International experts identified as clinicians, chief medical information officers, patient advocates, and informaticians with extensive experience and/or research knowledge about patient access to mental health notes. MAIN OUTCOMES, AND MEASURES: An expert-generated consensus on the benefits and risks of sharing mental health notes with patients. RESULTS: A total of 70 of 92 (76%) experts from 6 countries responded to Round 1. A qualitative review of responses yielded 88 distinct items: 42 potential benefits, and 48 potential harms. A total of 56 of 70 (80%) experts responded to Round 2, and 52 of 56 (93%) responded to Round 3. Consensus was reached on 65 of 88 (74%) of survey items. There was consensus that offering online access to mental health notes could enhance patients' understanding about their diagnosis, care plan, and rationale for treatments, and that access could enhance patient recall and sense of empowerment. Experts also agreed that blocking mental health notes could lead to greater harms including increased feelings of stigmatization. However, panelists predicted there could be an increase in patients demanding changes to their clinical notes, and that mental health clinicians would be less detailed/accurate in documentation. CONCLUSIONS AND RELEVANCE: This iterative process of survey responses and ratings yielded consensus that there would be multiple benefits and few harms to patients from accessing their mental health notes. Questions remain about the impact of open notes on professional autonomy, and further empirical work into this practice innovation is warranted.

Health Information Privacy, Protection, and Use in the Expanding Digital Health Ecosystem: A Position Paper of the American College of Physicians.

Technologic advancements and the evolving digital health landscape have offered innovative solutions to several of our health care system's issues as well as increased the number of digital interactions and type of personal health information that is generated and collected, both within and outside of traditional health care. This American College of Physicians' position paper discusses the state of privacy legislation and regulations, highlights existing gaps in health information privacy protections, and outlines policy principles and recommendations for the development of health information privacy and security protections that are comprehensive, transparent, understandable, adaptable, and enforceable. The principles and recommendations aim to improve on the privacy framework in which physicians have practiced for decades and expand similar privacy guardrails to entities not currently governed by privacy laws and regulations. The expanded privacy framework should protect personal health information from unauthorized, discriminatory, deceptive, or harmful uses and align with the principles of medical ethics, respect individual rights, and support the culture of trust necessary to maintain and improve care delivery.

Incidental Findings in the Trauma Population: Interdisciplinary Approach and Electronic Medical Record Reminder Association with Pre-Discharge Reporting and Medicolegal Risk.

BACKGROUND: Incidental findings (IFs) are reported in 20% or more of trauma CT scans. In addition to the importance of patient disclosure, there is considerable legal pressure to avoid missed diagnoses. We reported previously that 63.5% of IFs were disclosed before discharge and with 20% were nondisclosed. We initiated a multidisciplinary systemic plan to effect predischarge disclosure by synoptic CT reports with American College of Radiology recommended follow-up, electronic medical records discharge prompts, and provider education. STUDY DESIGN: Prospective observational series patients from November 2019 to February 2020 were included. Statistical analysis was performed with SPSS, version 21 (IBM Corp). RESULTS: Eight hundred and seventy-seven patients underwent 1 or more CT scans for the evaluation of trauma (507 were male and 370 were female). Mean age of the patients was 57 years (range 14 to 99 years) and 96% had blunt injury. In 315 patients, there were 523 IFs (1.7 per patient); the most common were lung (17.5%), kidney (13%), and liver (11%). Radiology report compliance rate was 84% (210 of 249 patients). There were 66 studies from outside facilities. Sixteen IFs were suspicious for malignancy. A total of 151 patients needed no follow-up and 148 patients needed future follow-up evaluation. Predischarge IF disclosure compliance rate was 90.1% (286 patients); 25 were post discharge. Four patients remained undisclosed. Compared with our previous report, clearer reporting and electronic medical records prompts increased predischarge disclosure from 63.5% to 90.1% (p < 0.01, chi-square test) and decreased days to notification from 29.5 (range 0 to 277) to 5.2 (range 0 to 59) (p < 0.01, Mann-Whitney U test). CONCLUSIONS: Timely, complete disclosure of IFs improves patient outcomes and reduces medicolegal risk. Collaboration among trauma, radiology, and information technology promotes improved disclosure in trauma populations.

A proposal for shoring up Federal Trade Commission protections for electronic health record-connected consumer apps under 21st Century Cures.

Under the 21st Century Cures Act and the Office of the National Coordinator for Health Information Technology (ONC) rule implementing its interoperability provisions, a patient's rights to easily request and obtain digital access to portions of their medical records are now supported by both technology and policy. Data, once directed by a patient to leave a Health Insurance Portability and Accountability Act-covered health entity and enter a consumer app, will usually fall under Federal Trade Commission oversight. Because the statutory authority of the ONC does not extend to health data protection, there is not yet regulation to specifically address privacy protections for consumer apps. A technologically feasible workflow that could be widely adopted and permissible under ONC's rule, involves using the SMART on FHIR OAuth authorization routine to present standardized information about app behavior. This approach would not bias the patient in a way that triggers penalties under information blocking provisions of the rule.

Mobile Point-of-Care Medical Photography: Legal Considerations for Health Care Providers.

Medical photographs have been used for decades to document clinical findings. The ease with which medical photographs can be captured and integrated into the electronic health record (EHR) has increased as digital cameras obviated the need for the film development process. Today, cameras integrated into smartphones allow for high-resolution images to be instantly uploaded and integrated into the EHR. With major EHR vendors offering mobile smartphone applications for the conduct of point-of-care medical photography, health care providers and institutions need to be aware of legal questions that arise in the conduct of medical photography. Namely, (1) what are the requirements for consent when taking medical photographs, and how may photographs be used after consent is obtained, (2) are medical photographs admissible as evidence in court, and (3) how should a provider respond to a request by a patient or parent requesting that a photograph be deleted from the medical record? Herein, we review relevant laws and legal cases in the context of accepted standards of medical practice pertaining to point-of-care medical photography. This review is intended to aid health care providers and institutions seeking to develop or revise policies regarding using a mobile application at their clinical practice.

Ethical and Legal Implications of Remote Monitoring of Medical Devices.

Policy Points Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Our analysis of health privacy laws indicates that most US patients may have little access to their own digital health data in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation and the California Consumer Privacy Act grant greater access to device-collected data. Our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. CONTEXT: Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored. METHODS: Using pacemakers and implantable cardioverter-defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records. FINDINGS: Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device-collected data when the processing of personal data falls under the GDPR's territorial scope. The California Consumer Privacy Act, the "little sister" of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device-derived data. CONCLUSIONS: Current health privacy legislation incompletely supports patients' normative claims for access to digital health data.

Doctors Routinely Share Health Data Electronically Under HIPAA, and Sharing With Patients and Patients' Third-Party Health Apps is Consistent: Interoperability and Privacy Analysis.

Since 2000, federal regulations have affirmed that patients have a right to a complete copy of their health records from their physicians and hospitals. Today, providers across the nation use electronic health records and electronic information exchange for health care, and patients are choosing digital health apps to help them manage their own health and health information. Some doctors and health systems have voiced concern about whether they may transmit a patient's data upon the patient's request to the patient or the patient's health app. This hesitation impedes shared information and care coordination with patients. It impairs patients' ability to use the state-of-the-art digital health tools they choose to track and manage their health. It undermines the ability of patients' family caregivers to monitor health and to work remotely to provide care by using the nearly unique capabilities of health apps on people's smartphones. This paper explains that sharing data electronically with patients and patients' third-party apps is legally consistent under the Health Insurance Portability and Accountability Act (HIPAA) with routine electronic data sharing with other doctors for treatment or with insurers for reimbursement. The paper explains and illustrates basic principles and scenarios around sharing with patients, including patients' third-party apps. Doctors routinely and legally share health data electronically under HIPAA whether or not their organizations retain HIPAA responsibility. Sharing with patients and patients' third-party apps is no different and should be just as routine.

Evaluating people's concern about their health information privacy based on power-responsibility equilibrium model: A case of Taiwan.

To address the issue of rising expenditure of healthcare service and to fulfill the skyrocketing demand for quality healthcare, the electronic medical records (EMR) exchange has become a vital and indispensable solution for healthcare facilities in terms of being able to share medical information among healthcare providers. Hence, EMR exchange was expected to improve the quality of healthcare and reduce the cost of repetitive medical check-ups and unnecessary treatments. However, recent reports affirming EMR data leaks and compromises have ignited major worldwide privacy concerns over the security of the EMR systems. How to effectively diminish patients' concern for EMR privacy has thus become an important issue that healthcare institution managers/stakeholders have to address urgently. This study leverages the power-responsibility equilibrium perspective to investigate the antecedents and consequences of concerns for the EMR exchange. A survey using 391 responses collected from medical centers, regional and district hospitals in Taiwan was used to conduct this study. The results show that government regulations have a positive effect on hospital privacy policies. Furthermore, both government regulations and hospital privacy policy are negatively associated with concern for EMR information privacy. Additional reports gathered from this study also showed that concern for EMR information privacy could result in patients' protective responses including refusal to provide personal health information (PHI), removal of PHI, negative word of mouth, complaining directly to the hospital, or complaining indirectly to third-party organizations. These findings demonstrate the need for healthcare facilities to formulate robust privacy policies in order to alleviate patients' concern for EMR information privacy based on governmental regulations. This regulation is top-priority as the incapability of reducing patients' concern for EMR information privacy may lead to the collapse of the campaign for the full-adoption of EMR or possibly jeopardize the promotion and application of EMR among healthcare facilities.