HARTFORD — Following continued concerns from hospitals, physicians, and behavioral health providers about the security and confidentiality of patient health data, lawmakers are changing what records will be included in the state's health information exchange. We are asking for further discussion on whether access is possible.
At a press conference Monday, state Sen. Saud Anwar (D-South Windsor) spoke about the Senate's omnibus health care bill, which would determine who is responsible for the data breach and other policies the exchange has adopted regarding patient health. He said he would establish a working group to consider the issue. Nursing care records.
“At the heart of this issue is the need for all the data, but it is important that patient health information is protected. And we believe that everything is being done to ensure that it is taken care of. It actually gives me peace of mind,” Anwar said.
Health Information Exchange, also known as Connie, was founded three years ago. Although the organization operates as a nonprofit organization, executive director Jen Searles and board chair Sumit Sanjnani are employees of the state Office of Health Strategy.
The nine-person board includes four government officials and four hospital and insurance industry representatives. Yale New Haven Health System. Griffin Hospital is a subsidiary of PlanetTree International and an affiliate of Yale University School of Medicine. Elevance Health is an insurance company formerly known as Anthem. The board also includes patient advocate Jose Crespo, a New Haven City Council member and employed by Cornell Scott Hill Health Center.
Under state law, all health care providers are required to participate in state health information exchanges. However, questions about the transparency of who the exchange shares information with have persisted since its inception.
In March, 28 health care organizations submitted testimony to the state Legislature's public health committee outlining ongoing concerns about how the exchange is being operated and who is accountable for it.
Key issues raised include so-called “specially protected information,” such as records related to health behaviors and substance use disorders. These organizations noted that they are unable to separate this sensitive information from other health records added to the exchange. They suggested that providers handling such information should be exempt from participation.
Last year, behavioral health providers said they did not want to share private mental health information with the exchanges.
Healthcare providers also highlighted reproductive health records as another area that requires increased confidentiality and protection.
Patients can request that their data be removed from the exchange, but not everyone agrees that this is the best way to structure the system.
“Some people may feel like they need to opt in rather than opt out. So for some patients, it's worth having these conversations as well,” Anwar said.
Paul Kidwell, senior vice president of policy for the Connecticut Hospital Association, told CT Examiner that even if a patient opts out, their medical information will still be sent to Connie, who will remove that information from the exchange. He said it would be Connie's responsibility. This raised concerns about the level of care taken to ensure these records were not accessed, he said.
Anthony Yoder, a member of the Connecticut Chapter of the American Medical Association, told CT Examiner that regardless of how the system works, ultimately patients need to be in control.
“Patients need to have ownership of their data in whatever way they choose. If they opt out, there obviously needs to be a mechanism for that. If they opt in, there needs to be a mechanism for that. We need that,” Yoder said.
Anwar said the task force would also determine liability in case of data breaches.
“If that data is compromised, who will communicate? Who will communicate with patients about it? And who will be legally responsible? So there are some unresolved parts of this problem. There are so many,” he said.
It is unclear who will be part of the working group, but Anwar said it would include “all stakeholders” along with representatives from the Health Strategy Authority.
Health Information Exchange already has “robust privacy and security controls and protocols” in place, including a disaster recovery plan for cyberattacks, and that Health Information Exchange already has “robust privacy and security controls and protocols” in place, including a disaster recovery plan for cyberattacks, and that it is working with an independent company and He said he is conducting a security audit.
“Prioritizing the safety of millions of patients, Mr. Coney implemented stricter protocols than were legally required,” Searles said in a statement. “We believe this level of protection exceeds the level typically provided by other health data organizations and will provide great peace of mind to healthcare providers and patients across the state.”