Settlement in Rhode Island Reached to Boost HIE Transparency | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Settlement in Rhode Island Reached to Boost HIE Transparency

May 5, 2014
by Rajiv Leventhal
| Reprints

The Rhode Island Department of Health’s (DOH) statewide health information exchange (HIE) must be more transparent and offer patients more privacy protections, according to a settlement between the DOH and the Rhode Island chapter of the American Civil Liberties Union (ACLU).

In 2010, the ACLU filed a lawsuit against the Rhode Island DOH, challenging the adequacy of rules the agency had adopted to implement a centralized database of patient healthcare records. The HIE, called CurrentCare, authorized by the General Assembly in 2008, allows medical personnel to routinely access a patient’s entire medical file, including mental health records and other sensitive medical information.

When the DOH first adopted regulations to implement the HIE, the ACLU objected that they provided virtually no details as to how the system would actually work, or how it would protect the privacy, confidentiality, and informed consent interests of patients. At the time, the DOH responded that those issues would be dealt with through internal “policies” that would not be subject to the public notice and comment requirement that agency regulations must normally undergo, according to an ACLU announcement.

The ACLU’s lawsuit, filed in R.I. Superior Court, argued that the Department’s position violated the Administrative Procedures Act (APA), “since all department policies that have general application and which implement, interpret or prescribe law” are subject to the APA’s public vetting process.  Noting the significant privacy issues raised by the HIE, the ACLU had called it crucial that regulations setting up the system be as detailed as possible, explaining, for example, the rights patients have to opt out of the system, to correct information contained in it, and to ensure appropriate confidentiality of the data.

Under the settlement agreement, the DOH agreed it would halt its practice of “adopting unofficially promulgated policies to implement” its obligations under the HIE law. In their place, the DOH has unveiled significantly revised regulations that specify how patients can, among other things, revoke their participation in the HIE, limit healthcare providers’ access to their HIE information, and correct errors in their medical records. The proposed revisions to the regulations were the subject of a public hearing, and patients remain free not to have their medical information submitted to the HIE.

Michael Fine, the director of the Rhode Island Department of Health, told Rhode Island Public Radio that he welcomed the ACLU's help in protecting patient privacy.

Topics

News

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.

83% of Physicians Have Experienced a Cyber Attack, Survey Finds

Eighty-three percent of physicians in a recent survey said that they have experienced some sort of cyber attack, such as phishing and viruses.

Community Data Sharing: Eight Recommendations From San Diego

A learning guide focuses on San Diego’s experience in building a community health information exchange and the realities of embarking on a broad community collaboration to achieve better data sharing.

HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.