Introducing the Cross Cutting Policy Issues Paper
Manatt/CDT

Following up on Deven McGraw’s blog post from last month, which described the session on cross-cutting legal and policy issues at the recent Project HealthDesign grantee meeting at the Vanderbilt Center for Better Health, we have taken the feedback provided by the grantees at that meeting and turned it into a proposed outline for a “Cross Cutting Policy Issues” paper.

The purpose of this paper is to address issues that may create obstacles to more widespread adoption of health care quality improvement models that leverage technology to bridge the information gap between clinical care teams and patients. The paper will discuss potential public policy solutions or risk mitigation strategies for overcoming these obstacles.

Based on the grantees’ brainstorming at the recent meeting in Nashville, we are proposing to focus on three sets of issues: (1) provider liability concerns relating to the availability of patient-supplied information; (2) uncertainty about legal obligations for assuring the security of information transmitted between portable devices and other computer systems and (3) the lack of a clear legal framework for many types of personal health records. Manatt and CDT, with the input of the National Project Office and other Project HealthDesign consultants, have prepared a proposed outline for the paper, which is provided below. We will be seeking grantees’ feedback on this outline. Indeed, we will be involving the grantees in every step of the process of preparing the Cross Cutting Policy Issues paper. More to come on this process in the future. In the meantime, please post your reactions to our outline below.

Outline of Cross Cutting Policy Issues Paper

I. Issue 1: Uncertainty about Health Care Providers’ Liability when Incorporating
ODLs into Clinical Practice and Communicating with Patients Electronically.
A. Overview of general legal standards governing providers’ exposure to malpractice liability.
B. Common provider liability concerns related to use of ODLs in clinical practice.
1. How to ensure the accuracy of ODLs and/or how to protect against liability for reliance on inaccurate ODLs.
2. How to determine whether/when health care providers have to review and/or act on ODLs submitted by patients.
3. How to determine when it is appropriate for health care providers to communicate with patients via email or other electronic means.
4. Whether a health care provider is responsible for ensuring that a patient received an alert or other communication generated by the health care provider and delivered via email or other electronic means.
5. How to manage patients’ expectations about communication of ODLs with health care providers (e.g. provider response time, coordination among treating providers).
C. Best practices for minimizing risks associated with common concerns (e.g. setting clear expectations on the part of providers and patients about what data should be exchanged, how, and when).

II. Issue 2: Uncertainty about How to Comply with the HIPAA Security Rule’s Requirements for Electronic Transmission Security When Communicating ODLs and Using Mobile Technologies and Internet Social Networking Sits to Communicate with Patients.
A. Brief overview of HIPAA Security Rule transmission security requirements (e.g. encryption).
B. Challenges associated with use of communications technologies (e.g. text/SMS messaging) that can not meet the Security Rule’s transmission security requirements.
C. Best practices, including alternative safeguards, for complying with the Security Rule’s requirements when using such technologies.

III. Issue 3: Uncertain Policy Environment Regarding an Individual’s Use of Internet for Sharing Health Information
A. Brief overview of legal landscape -
1. HIPAA does not apply, except with respect to certain uses of PHRs (explained below).
2. Federal Trade Commission (“FTC”) has minimal authority to regulate PHRs (breach notification for non-HIPAA PHRs), but what is a PHR? Does that include Twitter and Facebook?
3. FTC authority to enforce privacy policies in commercial space.
4. What is “PHI” in the 2.0 world?
B. Lack of clarity stalls robust use of these tools and stalls innovation.
C. Advocate for baseline protections that apply in Internet space (so data doesn’t move from protected to unprotected).
D. Make more clear when HIPAA applies and when it doesn’t (discuss PHR confusion as an example and stress need for clear, consistent policies)
E. Promote a set of industry best practices in the absence of changes in law.
[/size]



Edited 1 time(s). Last edit at 11/04/2010 10:59AM by phdadmin.