Maine Bill Would Require HIE Opt-In

Patients Would Have to Opt In to Allow Data Access
Maine Bill Would Require HIE Opt-In
Privacy advocates in Maine are supporting a proposed state privacy law that would require patients opt in to participate in the state's health information exchange before clinicians can access their records via the HIE. Under the HIE's current procedures, a patient's information is included in the exchange's database unless the patient opts out.

The legislation, introduced by Sen. Roger Katz, R-Augusta, would require that healthcare providers give patients an opt-in form that they could use to indicate whether they want their information shared over HealthInfoNet, the statewide HIE. The bill also would:

  • Mandate the HIE notify patients in case of a breach;
  • Mandate that patients be able to review their records that are accessible via the HIE;
  • Prohibit disclosure of records for marketing or sales without patient authorization;
  • Prohibit denial of treatment or payment on the basis of non-participation in HealthInfoNet.
"In order to maximize trust, participation and value in a statewide exchange, we must protect a patient's right to control what happens to their highly personal medical information," Katz said in a statement.

In voicing support for the bill, Shenna Bellows, executive director of the Maine Civil Liberties Union, said, "Patients should have a choice as to whether they want their private medical records to be shared in a statewide database. Patient privacy and consent need not be barriers to improving coordinated care."

Central Data Repository

HealthInfoNet uses a central data repository to store certain patient records, explained Devore Culver, the HIE's executive director and CEO. Authorized clinical users can access information in the database using a secure virtual private network portal, he explained. "Any authorized clinician accessing the exchange must 'break the glass' and associate themselves with a patient in a specific role before access to personal health information is granted," Culver said.

Healthcare providers in Maine that participate in the statewide HIE give patients a Notice of Privacy Practices, as required under HIPAA, that also describes that their data may be shared via the HIE, Culver said. The notice describes how a patient may opt out of having their information shared via the HIE. Patients can opt out via the web, over the phone or by filling out a paper form. "Once a patient opts out, their health information is deleted from the HIE," Culver said.

HealthInfoNet designed its patient consent strategy in 2007. A majority of stakeholders, including representatives of patients, providers, payers, business and government, "felt an opt-out strategy best balanced the interests of patients, providers and all those involved, as well as ensured the exchange would be effective, valuable and viable," Culver said. "All agreed that an opt-in policy was impractical and would not lead to enough participation to be of value."

The Privacy and Security Tiger Team, which advises federal regulators, has endorsed a "meaningful consent" approach that HIEs should take; it accommodates either the opt-in or opt-out approach. (See: Patient Consent Guidelines Endorsed). The team's recommendations have not yet been incorporated into a federal rule or regulation.

An HIE survey last year found that only 18 percent of health information exchanges had a policy requiring patients to "opt-in" and give formal consent before any of their records are shared via the networks (See: Survey: 'Opt-In' for HIE Consent is Rare).


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.