AMIA: HIPAA Changes Needed to Permit Researcher Access to Patient Records
A leading healthcare informatics trade group wants Congress to amend HIPAA to allow researchers to gather data from patient records without permission from the patient.
In a letter to Rep. Fred Upton (R-MI), a supporter of the 21st Century Cures initiative, the American Medical Informatics Association (AMIA) calls for increased data sharing for research purposes. In its letter, AMIA notes that current HIPAA law allows HIPAA-covered entities (CEs) may disclose protected health information for “routine activities” including treatment, payment, and billing. HIPAA does not, however, provide similar exemptions for “observational or data research.”
According to AMIA, “Most hospitals and medical practices (and other CEs) believe then that health data can be used only for studies relating to their own institution or organization, and that they cannot allow the use of ‘their’ PHI for research purposes, absent a specific consent (HIPAA authorization) from each individual patient.” As a result, the organization states, troves of clinical data are siloed within healthcare organizations and are not used for the development and delivery of new treatments and cures.
AMIA included several recommendations for Congress, including:
- Convening a multistakeholder HIPAA barriers working group to discuss the elimination of barriers that prevent data movement.
- The creation of a Health IT Safety Center as envisioned in the FDASIA (the Food and Drug Administration Safety and Innovation Act) report through appropriations and through the explicit empowerment of the Office of the National Coordinator for HIT (ONC).
- Congress should consider amending the HIPAA definition of healthcare operations to have it include “non-interventional research” as an appropriate operational use of PHI.
Click here to read the full letter from AMIA.