Nation’s biomedical and health informatics professionals call for national leadership to provide patients with granular control of sensitive health data
(BETHESDA, MD) – The American Medical Informatics Association (AMIA) called proposed revisions to substance use disorder (SUD) regulations, also known as 42 CFR Part 2, well-intentioned, but ultimately insufficient. AMIA urged the Department of Health and Human Services (HHS) to lead a national effort to develop technical standards that would enable patients to have total control of their health data and enable providers to have a more complete picture of their SUDs patients.
In February 2016, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued a notice of proposed rulemaking (NPRM) updating regulations related to the confidentiality of alcohol and drug abuse patient records. These regulations, first written in 1975, were written out of great concern about the potential use of substance abuse information against individuals, causing individuals with substance use disorders to not seek needed treatment. SAMHSA’s goals in updating the 42 CFR Part 2 rules included the need to:
- Increase opportunities for individuals with substance use disorders to participate in new and emerging health and healthcare models and health IT;
- Facilitate the sharing of information within the health care system to support new models of integrated healthcare;
- Improve patient safety while maintaining or strengthening privacy protections for individuals seeking treatment for substance use disorders; and
- Decrease burdens associated with several aspects of the rule, including consent requirements.
The primary mechanism through which SAMHSA intend to achieve these goals is by allowing SUD patients to use a general designation in the “To Whom” section of the consent form, so that consent is not required each time it is requested by a clinician, a hospital, an health information exchange (HIE) or an accountable care organization. While supportive of this individual provision, AMIA stated its strong concern that SAMHSA, and HHS more broadly, fail to recognize (1) how difficult it is to manage patients with incomplete information and (2) how the digitization of patient records has made it easier to deduce SUD treatments across populations.
“Delivering comprehensive care for SUD patients is next to impossible under current rules,” AMIA said in comments submitted to federal officials today. “Logistical barriers and widespread confusion about the regulatory requirements often paralyze organizations from exchanging data or coordinating care with facilities regulated by 42 CFR Part 2.”
While AMIA said this proposed policy is “an improvement to the existing rules,” it is offset by a corresponding proposal to constrain the “From Whom” portion of the consent form. AMIA said the concept of this latter provision breaks down in the networked environment of an HIE query where data is pulled from a system or database. Such a model would be very challenging in an HIE environment AMIA said.
AMIA responded to numerous other proposals, but ultimately called on HHS for a renewed emphasis on technical solutions that would give patients granular control over their entire medical record, not just SUD information. Echoing the recommendations found in the 2010 report from the President’s Council of Advisors on Science and Technology and an influential 2014 report, AMIA called for national leadership to develop standards for health metadata and a granular data specification.
“Only by addressing the full challenge of keeping sensitive information confidential, and by giving patients complete access and granular control of all their health data, can SAMHSA fulfill its statutory obligations and realize their stated goals,” AMIA said.
“The difficulty of managing SUD data differently than every other piece of health information is, in itself, a dated concept and a flawed approach,” said AMIA Board Chair and Medical Director of IT Services at the University of Washington’s UW Medicine, Thomas H. Payne, MD. “Patients have varying degrees of concern for how mental health, reproductive health and other sensitive data is shared. We need a holistic approach that reflects patients’ wishes and gives patients complete control of their entire medical record.”
“Clearly, the trend in healthcare is to make patients first-order participants in their care,” said AMIA President and CEO Douglas H. Fridsma, MD, PhD. “This means giving them complete access to their own medical records, and it should mean giving them complete control over who sees their medical information.”
AMIA, the leading professional association for informatics professionals, is the center of action for 5,000 informatics professionals from more than 65 countries. As the voice of the nation’s top biomedical and health informatics professionals, AMIA and its members play a leading role in assessing the effect of health innovations on health policy, and advancing the field of informatics. AMIA actively supports five domains in informatics: translational bioinformatics, clinical research informatics, clinical informatics, consumer health informatics, and public health informatics.