Health care organizations are falling short in allowing patients to take greater control over their health data, according to a recent study published in the journal Health Affairs, Modern Healthcare reports.
About the Study
The study was conducted by Robert Miller, a professor of health economics at the University of California-San Francisco's Institute for Health and Aging (Conn, Modern Healthcare, 3/9).
The consumer advocacy group Consumers Union commissioned the study, which received funding from the California HealthCare Foundation. CHCF publishes iHealthBeat (Consumers Union release, 3/6).
For the study, Miller conducted case studies of five California-based health care organizations:
- Inland Empire Health Plan;
- Kaiser Permanente;
- Nautilus Health Care Management Group;
- Santa Clara Valley Health & Hospital System; and
- Santa Cruz Health Information Exchange.
The study evaluates the organizations' compliance with nine principles aimed at maximizing the benefits of health information exchange while ensuring privacy and security. Consumers Union, the National Council of La Raza and the Pacific Business Group on Health were among a group of 16 organizations to outline the nine principles in June 2010.
Miller found that the five health care organizations "clearly took privacy and security issues seriously" because they had many policies and procedures in place to ensure the security of their data.
However, he wrote that "none of the organizations did much to educate consumers about the data available about them or to enable them to control their data" (Modern Healthcare, 3/9).
According to Miller, many of the organizations maintained audit trails and were willing to provide such records to patients on request, but they did not actively inform patients that such audit trails existed. He added that if an organization did provide a patient with an audit trail, the information typically was written in a complex format.
Miller wrote, "For organizations to comply with all nine patient and consumer principles, clear 'rules of the road' for information-sharing must be defined and patient education in health information exchange and control over personal data must be increased" (Goth, FierceHealthIT, 3/8).