The federal Health IT Policy committee has recommended that the Department of Health and Human Services (HHS) not require patient consent for the use of electronic health record (EHR) data in research on improving the delivery of healthcare services. At the same time, however, the federal advisory body urged HHS to require healthcare organizations to follow “fair information practices” designed to protect patient privacy.
In a letter to national coordinator of health IT Farzad Mostashari, MD, the committee addressed issues involving the secondary use of EHR data that were raised by HHS’ recently proposed rules on the protection of human subjects in medical research. In its advance notice of proposed rulemaking, HHS said that patient consent should be required for any secondary use of patient-identifiable EHR data in healthcare services research.
Following the lead of its security and privacy workgroup, known as the Tiger Team, the Health IT Policy Committee noted that the use of EHR data in this kind of research is essential for healthcare reform, including quality improvement and population health management. To facilitate this work, it said, physicians should be allowed to use individually identifiable data without patient consent to improve healthcare delivery. However, the data would have to remain under the control of the physician or institution.
According to the committee, the rules on secondary use of EHR data should exempt using “provider entities’ EHR data for treatment purposes or to evaluate the safety, quality, and effectiveness of prevention and treatment activities.” Examples include comparative effectiveness research, early detection of patient safety issues, evaluation of interventions to increase provider compliance with clinical guidelines, and outreach efforts to increase patient adherence to recommended care.