HIPAA hinders patients’ wish to share online health records with care partners, report says

January 24, 2014

Elderly or chronically ill patients may want family and friends to have access to their health records, but physicians’ offices run into the legal problem of keeping those records secure.

According to a report in the January 22/29 issue of the Journal of the American Medical Association (JAMA), privacy and security regulations aren’t keeping up with the convergence of technology and an increased emphasis on care coordination.

Patients often want to share clinical information with care partners. In a survey of more than 18,000 patients, 79% want to share information with someone outside of the healthcare team, and almost half want to share information with someone who doesn’t live with them. JAMA identified these people as care partners: not necessarily day-to-day caregivers, but spouses, relatives, and friends who help the patient with healthcare decisions.

With the rise of online patient portals available through electronic health records (EHRs), it is now possible for patients to share information with loved ones who don’t live with them. JAMA calls for “a more nuanced” access to this information by making it available to each care partner through their own login, not through sharing passwords with the patient.

“Using distinct credentials/authentication for care partners would allow patients to determine which types of information they would like to share,” the JAMA authors state. “Granting separate credentials allows for periodic reauthentication and, if needed, revocation of care partner access.”

Of course, physicians might view this as a security nightmare, as they must comply with the Health Insurance Portability and Accountability Act (HIPAA), and violations can cost thousands or millions of dollars. Minimum HIPAA violation fines average $50,000. The top reasons for violations include the release of unauthorized information, the release of information to an undesignated party, and lack of a patient signature on release forms.

JAMA says that care partners can feel like they are being pushed away in the care coordination system, and that technology advances are the obvious solution. “There is a potential for improving care if care partners and families can be more effectively engaged through EHRs: this can be accomplished without undermining patient privacy or the security of protected health information,” JAMA says.