Clinicians struggle with the complex challenge of maintaining an accurate electronic medical record when a parent has authority to access their adolescent child’s record. Could increasing patient engagement with Stage 2 Meaningful Use create regulatory challenges in HIPPA privacy rules and electronic health records (EHRs) for the adolescent patient population?
In 2001, the Institute of Medicine report Crossing the Quality Chasm emphasized the importance of patients having access to their medical information to improve health care quality and safety. This report identified health information technology as a portal to increase patient-provider communication and patient knowledge. In 2002, The Standards for Privacy of Individually Identifiable Health Information (PDF) were enacted to provide rights for individuals to have access to their medical record.
Stage 2 Meaningful Use (PDF) aims to support further access and patient engagement with the requirement that 5 percent of patients must electronically view, download and transmit health information and 5 percent must engage in secure e-messaging with their care providers. EHRs with web-based patient portals offer direct access to an individual’s medical record, including problem lists, medications, laboratory and diagnostic test results. The portal enables secure e-mail communication between the authorized user and the health care provider. This EHR capability provides access to a patient’s individual medical record as recommended in the IOM report; however, there are challenges in maintaining the HIPAA privacy rule with a patient portal accessed EHR.
Traditionally in pediatric or family practice ambulatory care, the parent or guardian has authorized access to their child’s medical record. There are clinical scenarios where adolescents become emancipated minors when seeking confidential treatment for sexually related issues (sexually transmitted diseases, pregnancy, HIV), substance abuse, and mental health. In such cases, the parent does not automatically have the right of access to the minor’s medical record. Each state has laws protecting a minor’s right to consent to their own treatment for certain health care, usually related to sexual or mental health or drug treatment, in effect, emancipating themselves from their parent or guardian. The HIPAA privacy rule defers to state laws in these cases. California, Montana and Washington have health privacy laws that explicitly give minors authority over their health records when they have legally consented to care.
Social norms are enacted when “state law is silent on the issue of parents’ access, the clinician or health plan has discretion to determine whether to grant access to a parent requesting it” (The HIPAA Privacy Rule and Adolescents: Legal Questions and Clinical Challenges). The clinician and/or health plan may be influenced by the social norms of the community on determining access. If the clinical care is located in a conservative religious community, there may be greater tendency to grant parental access to an adolescent’s medical record than if located in a liberal urban community where adolescents live more autonomously with less parental oversight. The health plans and clinicians’ decisions on access will be influenced by the community norms.
Clinicians struggle with the complex challenge of maintaining an accurate electronic medical record when a parent has authority to access their adolescent child’s record. The privacy and security of a confidential health care encounter is at risk of being viewed by the parent of the minor. This is an issue that could be addressed by modifying code in the software design to identify authorized persons (minor and parent) who access the medical record through the patient portal. Identity authentication must be developed to differentiate parent from minor, perhaps through separate passwords. The confidential encounter will need to be flagged as accessible only for the minor.
The marketplace has some influence in this area as health care organizations will ask the EHR vendors to develop software with this authentication capability to protect patient privacy and security and comply with state and federal privacy regulations. This issue may extend beyond the challenges of emancipated minors to include guardians of family members who are incapacitated. EHR vendors who can meet this request will have an advantage over other vendors, and garner a larger market.
Now is a time for all stakeholders, patients, clinicians, vendors, insurers, and health delivery systems, to brainstorm best ideas that welcome patient engagement and access to electronic medical records while ensuring their rights of privacy and security. As we move toward full integration of health information technology, eligible providers and hospitals will need viable solutions that will not impede workflow, increase cost, or create burdens on the delivery system. Let the discussion begin.
Anna M. Gard, FNP-BC is a certified family nurse practitioner at the VNA Community Health Services Children’s Clinic, a nurse managed health center in Abington, Pennsylvania. She is a Health Disparities Consultant for the Association of Clinicians for the Underserved. Her key areas of focus are the intersection of health disparities, quality improvement performance, patient centered medical home, chronic care management, and health IT in safety net populations.