A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies

A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies

The Office of the National Coordinator for Health Information Technology estimates that 96% of all U.S. hospitals use a basic electronic health record, but only 62% are able to exchange health information with outside providers. Barriers to information exchange across EHR systems challenge data aggr...

Full description

Bibliographic Details
Main Author: Vasiliki Rahimzadeh
Format: Article
Language:English
Published: Frontiers Media S.A. 2021-02-01
Series:Frontiers in Big Data
Subjects:
data aggregation
EHR
privacy
HIPAA
California Consumer Privacy Act
Proposition 24
Online Access:https://www.frontiersin.org/articles/10.3389/fdata.2020.603044/full
id doaj-3ffd9561144942c787a769ca316758f8
record_format Article
spelling doaj-3ffd9561144942c787a769ca316758f82021-02-12T05:37:07ZengFrontiers Media S.A.Frontiers in Big Data2624-909X2021-02-01310.3389/fdata.2020.603044603044A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party CompaniesVasiliki RahimzadehThe Office of the National Coordinator for Health Information Technology estimates that 96% of all U.S. hospitals use a basic electronic health record, but only 62% are able to exchange health information with outside providers. Barriers to information exchange across EHR systems challenge data aggregation and analysis that hospitals need to evaluate healthcare quality and safety. A growing number of hospital systems are partnering with third-party companies to provide these services. In exchange, companies reserve the rights to sell the aggregated data and analyses produced therefrom, often without the knowledge of patients from whom the data were sourced. Such partnerships fall in a regulatory grey area and raise new ethical questions about whether health, consumer, or health and consumer privacy protections apply. The current opinion probes this question in the context of consumer privacy reform in California. It analyzes protections for health information recently expanded under the California Consumer Privacy Act (“CA Privacy Act”) in 2020 and compares them to protections outlined in the Health Information Portability and Accountability Act (“Federal Privacy Rule”). Four perspectives are considered in this ethical analysis: 1) standards of data deidentification; 2) rights of patients and consumers in relation to their health information; 3) entities covered by the CA Privacy Act; 4) scope and complementarity of federal and state regulations. The opinion concludes that the CCPA is limited in its application when health information is processed by a third-party data aggregation company that is contractually designated as a business associate; when health information is deidentified; and when hospital data are sourced from publicly owned and operated hospitals. Lastly, the opinion offers practical recommendations for facilitating parity between state and federal health data privacy laws and for how a more equitable distribution of informational risks and benefits from the sale of aggregated hospital data could be fostered and presents ways both for-profit and nonprofit hospitals can sustain patient trust when negotiating partnerships with third-party data aggregation companies.https://www.frontiersin.org/articles/10.3389/fdata.2020.603044/fulldata aggregationEHRprivacyHIPAACalifornia Consumer Privacy ActProposition 24
collection DOAJ
language English
format Article
sources DOAJ
author Vasiliki Rahimzadeh
spellingShingle Vasiliki Rahimzadeh
A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies
Frontiers in Big Data
data aggregation
EHR
privacy
HIPAA
California Consumer Privacy Act
Proposition 24
author_facet Vasiliki Rahimzadeh
author_sort Vasiliki Rahimzadeh
title A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies
title_short A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies
title_full A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies
title_fullStr A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies
title_full_unstemmed A Policy and Practice Review of Consumer Protections and Their Application to Hospital-Sourced Data Aggregation and Analytics by Third-Party Companies
title_sort policy and practice review of consumer protections and their application to hospital-sourced data aggregation and analytics by third-party companies
publisher Frontiers Media S.A.
series Frontiers in Big Data
issn 2624-909X
publishDate 2021-02-01
description The Office of the National Coordinator for Health Information Technology estimates that 96% of all U.S. hospitals use a basic electronic health record, but only 62% are able to exchange health information with outside providers. Barriers to information exchange across EHR systems challenge data aggregation and analysis that hospitals need to evaluate healthcare quality and safety. A growing number of hospital systems are partnering with third-party companies to provide these services. In exchange, companies reserve the rights to sell the aggregated data and analyses produced therefrom, often without the knowledge of patients from whom the data were sourced. Such partnerships fall in a regulatory grey area and raise new ethical questions about whether health, consumer, or health and consumer privacy protections apply. The current opinion probes this question in the context of consumer privacy reform in California. It analyzes protections for health information recently expanded under the California Consumer Privacy Act (“CA Privacy Act”) in 2020 and compares them to protections outlined in the Health Information Portability and Accountability Act (“Federal Privacy Rule”). Four perspectives are considered in this ethical analysis: 1) standards of data deidentification; 2) rights of patients and consumers in relation to their health information; 3) entities covered by the CA Privacy Act; 4) scope and complementarity of federal and state regulations. The opinion concludes that the CCPA is limited in its application when health information is processed by a third-party data aggregation company that is contractually designated as a business associate; when health information is deidentified; and when hospital data are sourced from publicly owned and operated hospitals. Lastly, the opinion offers practical recommendations for facilitating parity between state and federal health data privacy laws and for how a more equitable distribution of informational risks and benefits from the sale of aggregated hospital data could be fostered and presents ways both for-profit and nonprofit hospitals can sustain patient trust when negotiating partnerships with third-party data aggregation companies.
topic data aggregation
EHR
privacy
HIPAA
California Consumer Privacy Act
Proposition 24
url https://www.frontiersin.org/articles/10.3389/fdata.2020.603044/full
work_keys_str_mv AT vasilikirahimzadeh apolicyandpracticereviewofconsumerprotectionsandtheirapplicationtohospitalsourceddataaggregationandanalyticsbythirdpartycompanies
AT vasilikirahimzadeh policyandpracticereviewofconsumerprotectionsandtheirapplicationtohospitalsourceddataaggregationandanalyticsbythirdpartycompanies
_version_ 1724273702989725696

Similar Items