Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2018 Summer;58(4):411-435.

GRANULAR PATIENT CONTROL OF PERSONAL HEALTH INFORMATION: FEDERAL AND STATE LAW CONSIDERATIONS

Michael J Saks  1 Adela Grando  2 Anita Murcko  3 Chase Millea  4
Affiliations

GRANULAR PATIENT CONTROL OF PERSONAL HEALTH INFORMATION: FEDERAL AND STATE LAW CONSIDERATIONS

Michael J Saks et al. Jurimetrics. 2018 Summer.

Abstract

The advent of electronic medical records and health information exchanges has facilitated the possibility of patients exercising increasingly granular control over sensitive health information. In principle, patients should be able to control which of their health information is made accessible to which of their healthcare providers. To meet this goal, the architects of any system of granular control of patients' health information face a variety of challenges. In addition to technical, ethical, and prudential considerations, the architects of any effective system must also ensure compliance with applicable legal requirements. The extent of a patient's permissible control depends upon whether governing law prohibits providers from disclosing health information to other providers without a patient's authorization, permits providers to disclose to other providers at the provider's discretion, or requires such disclosure. To inform efforts to design a viable system, this article analyzes U.S. federal and state (Arizona) law in regard to the sharing of the following types of sensitive health information: substance abuse, mental health, genetic, communicable diseases, and sexual and reproductive health.

PubMed Disclaimer

References

    1. See generally Caine Kelly et al., Designing a Patient-Centered User Interface for Access Decisions About EHR Data: Implications from Patient Interviews, 30 J. GEN. INTERNAL MED (SUPP. 1) S7 (2015) - PMC - PubMed
    2. Caine Kelly & Hanania Rima, Patients Want Granular Privacy Control Over Health Information in Electronic Medical Records, 20 J. AM. MED. INFORMATICS ASS’N 7 (2013) - PMC - PubMed
    3. Campos-Castillo Celeste & Anthony Denise L., The Double-Edged Sword of Electronic Health Records: Implications for Patient Disclosure, 22 J. AM. MED. INFORMATICS ASS’N e130 (2015) - PMC - PubMed
    4. Adela Grando M et al., A Study to Elicit Behavioral Health Patients’ and Providers’ Opinions on Health Records Consent, 45 J. L. MED. & ETHICS 238 (2017) - PMC - PubMed
    5. Schwartz Peter H. et al., Patient Preferences in Controlling Access to Their Electronic Health Records: A Prospective Cohort Study in Primary Care, 30 J. GEN. INTERNAL MED (SUPP. 1) S25 (2015). - PMC - PubMed
    1. Federal healthcare regulations, notably HIPAA, apply only to covered entities and their business associates. See 45 C.F.R. §§ 160.102–.103 (2017). Other laws also regulate certain indi-viduals and institutions but not others. Thus, the analysis depends upon who the sender of infor-mation is, what the information consists of, and who the receiver is.
    1. See infra Section I.C.1. See also HEALTHCURRENT, https://healthcurrent.org [https://perma.cc/8J34-9ATH].
    1. The research doing this work is funded by NIMH Grant R01MH108992 to Principal Investigator Adela Grando.
    1. About Us, SUBSTANCE ABUSE & MENTAL HEALTH ADMIN, https://www.samhsa.gov/about-us [https://perma.cc/AKP7-BMTC].

LinkOut - more resources