Crowdsignal Logo

How much control should patients have in the sharing of their EHR information? (Poll Closed)

Total Votes: 245

  • Sam - 9 months ago

    My personal level is between the "request for certain data with mandatory compliance" and "request with optional compliance." Some data should not be allowed to opt out of exchange. The classic example there is prescriptions for certain controlled substances. Anything not flagged that way (whether implemented by flagging by the entering clinician with a specific reason or a list generated by a federal agency) should be mandatory compliance.

  • Hannah Galvin - 10 months ago

    This is certainly a complex issue, both technically and from an implementation standpoint. As Carol Robinson, notes, lacking adequate technical standards for granular segmentation of sensitive data, many entities resort to blunt algorithms or manual processes to withhold sharing for broad populations in order to comply with state and federal law. This may result in care inequities and potential information blocking, as patients with conditions that are associated with a stigma, when given the option, may be less likely to consent to having their data shared across care systems. As some sensitive conditions are more prevalent in historically disenfranchised populations, this contributes to disparities in care.

    Shift, the independent task force for equitable interoperability, is a multidisciplinary national group of 300 volunteer experts who have come together with the purpose of maturing granular data segmentation standards, profiles, and implementation guidance in order to sponsor patient-driven sharing of health information with informed consent in order to advance interoperability in a more equitable manner. Shift's Governing Board includes the American Medical Association (AMA), the American Academy of Pediatrics (AAP), the HIMSS Electronic Health Records Association (EHRA), Integrating the Healthcare Enterprise USA (IHE USA), the Drummond Group, and ONC (ex-officio). Stakeholders include health care organizations, health IT vendors, professional societies, standards development organizations, HIE's, Interoperability Frameworks, payers, government, government and nongovernment contractors, privacy law and ethics experts, and patient advocates, among others.

    Shift seeks to advance an interoperable ecosystem with an eye toward ameliorating these types of disparities through the ability to granularly segment sensitive data, a concept we have termed “equitable interoperability.” Shift approaches our work from this equity framework, and has advisory groups consisting of clinicians, patients/patient advocates, legal and policy experts, and those with expertise in ethics and equity informing all of our work, which is open source.

    Shift is working closely with the HL7 Security Work Group and IHE to mature data segmentation standards and consent profiles according to four high-priority clinical use cases; we are building out reference implementations based on these, the first of which was demo'd at HIMSS 2023. Shift is working with terminology experts to mature a semantic conceptual model for sensitive data and is seeking a VSAC steward for this in the long term. Simultaneously, Shift is conducting a modified Delphi process to address issues such as the safety and ethics of patient-redacted data in clinical care, what informed consent would look like related to treatment/payment/operations, if/how an intended recipient should be notified that they have not received information, and if/how such information should be used in decision support interventions.

    Ultimately, Shift believes a policy driver will be needed to spur widespread adoption of data segmentation standards and a consent model. Shift aims to remain in lockstep with ONC in order to mature both technical approaches and non-technical guidance in anticipation of future policy development.

    Any stakeholders interested in joining the conversation are welcome to fill out Shift's interest form at

  • Carol Robinson - 10 months ago

    The all-or-nothing approach to sharing data with HIEs or through national networks (eHealth Exchange, CommonWell, Carequality) is insufficient. Current practice is to share ALL health data that is not subject to special legal protections unless an individual "opts out" of data exchange. In that case, NONE of the individual's health information is shared. Giving patients the ability to choose when and with whom specific EHR content can be shared, down to the granular data level, will require significant changes in EHR coding and controls, or it will require that data-tagging for privacy choices can be effectively applied to medical records by HIEs, QHINs, or other data exchange facilitators.

    The healthcare industry has been stalled at the lowest functional level for patient-mediated control over the use and sharing of health information-- opt all-out or opt all-in. This is a typical example of letting the concept of perfect interfere with progress, and unfortunately, it's an industry-accepted cop-out.

    Effectively parsing clinical information that's been gathered from multiple sources with the application of data tagging for privacy is possible, but offering such a service to patients will require a high level of confidence that information intended to stay private will not be inadvertently shared in a clinical note, or as a miscoded data element.

    Does that mean nothing better than all-in or all-out can be offered now? No.

    Individuals can be given more agency over the sharing and use of their health and social services data, and there are several companies including mine ( that are offering better ways to give individuals more control over their data than all-or-nothing consent. Thanks @HISTALK for running this poll!

  • Laura Fochtmann - 10 months ago

    Unfortunately, it's likely too late to set up a robust system for patient controlled permissions, even if that were the ultimate decision. Nonetheless, as Ross notes, this is a very challenging issue for which views may reasonably differ.

    In many discussions over the years with other clinicians, the rationale for full access seems to fall into three main categories: that they want to provide optimal care and that's only possible with total access, that they SHOULD be able to view any information, and that they will have greater malpractice risk if they don't know the relevant information. (The latter could be addressed through tort reform.)

    The issues for patients are that some information is very personal and they would prefer to share it selectively. In addition, it is an unfortunate reality that health professionals share the biases of the general population. Thus, it's not uncommon for individuals with certain health histories to be discriminated against and receive less than optimal care as a result. In my career as a psychiatrist, I've seen many examples where important medical symptoms were overlooked and viewed as "psychiatric" based on the patient's past history. I've also seen patients treated rudely or dismissively because of psychiatric histories including histories of substance use. Other examples abound and patients recognize these things.

    Patients also increasingly recognize that giving access to treating clinicians (which most people are willing to do) is not the same as giving access to the whole host of others who touch electronic charts under HIPAA's treatment, payment, and operations. Individuals who have legitimate reasons to access a chart under TPO may include neighbors, co-workers, relatives, ex-relatives, or other acquaintances, often without the patient even realizing who opened a chart or why. For people who are well known in a community or work in the health system, it can be even more problematic. Yet few systems are set up to be able to give patients any control over who or for what reasons a chart can be accessed.

    EHRs are designed to share information on meds, labs, problems and visit types across encounters. However, that is the precise information the patients are most likely to want to restrict because it either provides information on diagnoses or allows inferences to be made about diagnoses.

    We also know that without restrictions on who can see specific information that some individuals will not seek care at all if an EHR is used. We see this frequently in psychiatry and the individuals who choose not to seek care include those who best understand the pluses and minuses of total data sharing such as health professionals.

    A final question is the extent to which having access to all of this information really helps clinicians. In the pre-EHR era, it was rare to have access to a chart or a medication list other than what was in your own notes or occasionally in a clinic or hospital paper chart. Was it less efficient in some cases or were things sometimes missed? Definitely so. But with the exception of true emergencies (with unresponsive patients and no one available to give a history), it never seemed like that big of an impediment. Not being able to get labs, imaging, cardiology, or consultations done elsewhere was the biggest challenge--important details that the patient didn't know. But we still can't get those things easily! Even when the information is available in the EHR of one's health system, we know that people rarely access prior notes and clinically important information is often buried in clutter.Furthermore, access to "all" the information sometimes propagates misinformation when it's recorded incorrectly or misunderstood in dictation and then pasted into future notes. Clinicians don't have time to sift through everything in EHRs as it is, so why not help patients feel more comfortable with care by giving them control over what is shared and with wh

  • Ross Koppel - 10 months ago

    This is an extraordinarily complex issues. Of course I want sharing info for pt care and research. But many share with commercial firms. Also, now, we know re-ID is 100% possible.

Leave a Comment

0/4000 chars

Submit Comment