Tuesday, May 31, 2011

Using an HIE to Stalk a Patient

One of my state-wide HIE clients asked me the following question:

A battered woman moves from CityA to CityB and she doesn’t want her husband to find her so she opts out of the exchange. The woman seeks medical attention from a doctor in CityB. The doctor sends the woman’s new address to the exchange. Can a doctor who treated the woman in CityA see her new address or will the doctor only see the CityA address they have on file for the woman?

This one initially threw me for a loop. The purpose of an exchange is to allow doctors to see updated information on their patients. This state has a strong “opt out” policy that does not allow information to be exchanged if the patient has “opted out.” In the above use case, the patient has “opted out”, so we would not share clinical information. This state does not allow a provider to “break the glass” to override the patient’s decision to not share their information.

I think that we can configure the relationship between the Master Patient Index (MPI) and Clinical front end to prohibit the updated demographics from flowing from the MPI to the clinical system when the patient has “opted out” of data sharing.
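A minimal sketch of that rule, as an added example rather than any HIE product's actual configuration: the MPI keeps the address each organization contributed and, for an opted-out patient, releases to a requester only the record that requester already supplied. The class, method and organization names, the sample addresses and the audit list are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Patient:
    opted_out: bool = False
    addresses: dict = field(default_factory=dict)  # contributing org -> address
    latest_org: str = ""                           # org that sent the newest update

class MPI:
    """Hypothetical master patient index with a consent gate on demographics."""
    def __init__(self):
        self.patients = {}
        self.audit = []  # (patient id, requesting org, decision), kept for review

    def set_opt_out(self, pid, opted_out):
        self.patients.setdefault(pid, Patient()).opted_out = opted_out

    def update_demographics(self, pid, org, address):
        # The MPI still stores the update so the contributing org's own
        # record stays current; the gate is applied on release, not intake.
        p = self.patients.setdefault(pid, Patient())
        p.addresses[org] = address
        p.latest_org = org

    def address_for(self, pid, requesting_org):
        p = self.patients[pid]
        if p.opted_out:
            # Opted out: return only what the requester itself has on file.
            released = p.addresses.get(requesting_org)
            decision = "own-record-only"
        else:
            # Sharing allowed: return the most recently contributed address.
            released = p.addresses.get(p.latest_org)
            decision = "latest-shared"
        self.audit.append((pid, requesting_org, decision))
        return released

def demo():
    # Constructed sample data mirroring the CityA/CityB scenario above.
    mpi = MPI()
    mpi.update_demographics("P1", "ClinicA", "1 Main St, CityA")
    mpi.set_opt_out("P1", True)
    mpi.update_demographics("P1", "ClinicB", "9 Oak Ave, CityB")
    return mpi

if __name__ == "__main__":
    mpi = demo()
    for org in ("ClinicA", "ClinicB", "ClinicC"):
        print(org, "->", mpi.address_for("P1", org))
    print(mpi.audit)
```

The audit entries record every lookup against an opted-out patient, which gives the exchange something to review when the policy side fails.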

The curious case here is that the patient would have to be stalked either by a doctor who had treated her previously, or by a friend of such a doctor, where the doctor was willing to violate HIPAA and share that information with the stalker. The real world is such a complex place that I am fairly certain that this will happen.

The bottom line is that technology is not foolproof and relies on policy and the law. Technology implements policy. If a user is willing to abuse the system and/or violate the law, they can do some unpleasant things.

This is certainly a use case that I had not considered.
