The American Health Information Management Association has unveiled a Health Information Bill of Rights, a set of seven principles for protecting health care consumers.The Chicago-based association introduced the document during its annual convention, being held Oct. 3-8 in Grapevine, Texas. The association in November will make available for downloading via its Web site a wall poster of the rights for display in waiting areas, and a certification that an organization pledges to upload the seven principles. The principles are:* the right to access your health information free of charge;
* the right to access your health information during the course of treatment;
* the right to expect that your health information is accurate and as complete as possible;
* the right for you or your personal representative(s) to know who provides, accesses and updates your health information, except as precluded by law or regulation;
* the right to expect healthcare professionals and others with lawful access to your health information to be held accountable for violations of all privacy and security laws, policies and procedures, including the sharing of user IDs and passwords;
* the right to expect equivalent health information privacy and security protections to be available to all healthcare consumers regardless of state or geographic boundaries, or the location (jurisdiction) of where the treatment occurs; and
* the right to the opportunity for private legal recourse in the event of a breach of one's health information that causes harm.More information is available at ahima.org.
AHIMA moving from talk to action...why didn't these two groups join up to present a unified front, or at least some cooperative cross-posting surrounding these launches?
Does this push the "My Health Data" http://www.healthdatarights.org/ charter in the right direction? Definitely.
So which Bill of Health Data Rights Wins? Let's take a look at the challengers' semantic stats, head to head:
1. 'free of charge' (AHIMA) vs. 'at minimal or no cost' (healthdatarights.org): Clear winner = AHIMA
2. 'access your health information DURING the course of treatment' (AHIMA) vs. (healthdatarights.org):
Clear winner = AHIMA
3. 'your personal representative(s)' should know who provides, accesses, and updates your health info, except as precluded by law or regulation Clear winner = There isn't one.
(AHIMA) - good start, but this means patients will still most likely have to fight to have someone declared legal 'personal representative' - does this mean power of attorney?
AHIMA adds the 'safe' legal exclusion clause at the end, while HealthDataRights.org goes big with 'share information with others as we see fit.' Clear winner here? Idealistically HealthDataRights, enforceably AHIMA.
4. Your user Id and password ('online identity') is "your health information" (AHIMA) vs. "complete copy(?)" (healthdatarights.org):
Clear winner = AHIMA
5. "equivalent...protections available to all healthcare consumers (healthcare consumers!!!) regardless of state or geographic boundaries" (AHIMA) vs. "no law nor policy should abridge these rights" (healthdatarights):
Clear winner = ideally, HealthDataRights.org takes it; legally, I'm guessing the specificity of AHIMA will carry this round into OT.
6. "the right to private legal recourse in the event of a breach" (AHIMA) vs. "right to take possession" (lacks teeth - healthdatarights):
Clear winner = AHIMA, but I'm guessing this won't come without flack. Why?
AHIMA's Bill of Rights is actually stating:
1. My health data is my own, INCLUDING my 'online' assets like usernames and passwords. Here's a concrete recommendation I'll make AGAIN to protect the transfer of your online identity and any other 'assets,' current or future (ie income from blog advertising, etc): Compile your online assets in an addendum doc - including login information, hosting, inception dates, traffic stats hosting/compendium info, and have this added to your living will or your One Slide project pamphlet for family along with Advanced Directives of your choice).
2. AHIMA is placing the burden of reasonable, protective behavior on healthcare professionals who have 'lawful' access to your records. This means no more sharing gross Xrays of horrific wounds, interesting things in orifices, or celebrity lab results (or that of your local policeman) without permission. My medical record is not for your entertainment (I'm taking a devil's advocate tone on purpose here - MANY healthcare providers and caretakers, including many who have cared for me and my friends and loved ones, DO protect both my person and my personal information, and should be lauded and celebrated for both), but AHIMA is going out on a limb here. Healthcare delivery may not be a team sport, but often, unfortunately, looking at 'interesting' cases is a group activity. Wherein the patient responsibility for protecting our data and allowing access at will? Oh wait, we're still too sick, illiterate, and incapable of doing so, right? For some, maybe, but program in the choice.
3. AHIMA makes this a 'hot coffee' issue. Yes, I should be able to bring suit, but there should be more discussion of provisions for doing so in a concrete, quantitative way. What do damages look like? What and where are intermediaries who will step in if desired to help PRE-suit?
Lots more to do here. Good thing the Health 2.0 crowd voted that we're still 3+ years away from mass adoption of EHRs/EMRs, because at this rate it looks like we'll need that time just to figure out who owns my personal health information.
Unfortunately, it looks like it's still not me.