The views expressed by contributors are their own and not the view of The Hill

How to navigate medical privacy in today’s digital landscape

The doctor's stethoscope is placed on the notebook computer.

As a practicing pediatrician and chief medical information officer for a public, academic health system, as well as an appointed member of the Office of the National Coordinator for Health IT (ONC) Health IT Advisory Committee, I appreciate Dr. Kevin Baumlin’s concerns that the recent HTI-1 NPRM proposal for granular segmentation to support patient-requested restrictions under the HIPAA Privacy Rule could limit the availability of data to treating providers. After all, what have we been doing for the past 15 years if not building the pipelines of an interoperable ecosystem to allow sharing of such personal health information in order to allow the highest quality care possible?  

Yet even in the most advanced frameworks, data sharing remains limited.

Those of us who provide care know that we almost never have all of the clinically important information about a patient in front of us: perhaps because the individual didn’t provide it, because there was a mistake or misunderstanding, or because there is too much potentially relevant data to sort through it all. Moreover, as the public becomes more aware of how their information is shared across the expanding healthcare ecosystem, more patients are expressing concerns about the privacy of their data, and potentially electing not to disclose relevant information to their caregivers due to fears about how it could be used.

These concerns are particularly prevalent in historically marginalized populations. The medical literature shows longstanding medical mistrust in these communities that has been correlated with a decreased adherence to care recommendations, including preventive screenings and, most recently, COVID vaccination uptake.

The HIPAA Privacy Rule gives patients the right to request a restriction on disclosure of their health data. Patients may request such a restriction due to the potential stigma of a medical condition, as Dr. Baumlin suggests. Though widespread education around the many genetic and other factors that may contribute to such conditions have led to some degree of destigmatization in many communities, we have a long way to go. Patients may additionally request restrictions for reasons other than stigma — for instance, a professional athlete may want to limit those who know about an injury, or an individual may want to seek a second opinion without the introduction of bias.


In addition to HIPAA, which gives the covered entity the right to approve or decline a patient’s request for restrictions, and 42 CFR Part 2, which safeguards data from federally funded substance use disorder clinics, there are a multitude of state laws that protect an individual’s right to privacy over certain parts of his or her health information. Such protections have been instilled in Western medical practice for more than two millennia, since the Hippocratic oath first formally established the importance of privacy for the establishment of trust between patient and clinician to ensure the provision of good care.

Yet, as data sharing has increased over the past two decades, patients who feel the need to protect the privacy of their personal health data have few technical options to do so. Frequently, their only choice is to shut off data sharing entirely — a blunt solution to a very nuanced problem. Moreover, organizations may enact this algorithmically for certain populations in order to comply with state and federal law.

In this, I very much agree with Dr. Baumlin: Not sharing any data precipitates lower quality care than providing at least some or most data. Yet, in our current interoperable ecosystem, without the ability to granularly segment data, this is the only option we are giving patients. Moreover, we are inadvertently creating inequities in which patients with sensitive data may have none of their data shared (and therefore receive lower quality care) compared with patients who do not have sensitive data and can freely share their information, therefore receiving the highest possible quality of care.

Dr. Baumlin’s concern for patient safety is a reasonable one; if we don’t know a patient’s history or the medications they are taking, harm can ensue. However, I would counter that as we continue to open up the interoperability pipelines and only give blunt opt-out choices, patients quickly learn that once they disclose information, it accompanies them wherever they go — for better or for worse. For many patients, this is a great advancement. But for others, particularly those from historically marginalized communities or who have had experiences with the health care system that have bred mistrust, this is already leading to nondisclosure of important information or the election to block sharing of all information in a blunt manner.

It should be noted that the HTI-1 NPRM is doing nothing further than proposing a computable framework and potential standards within the HIPAA Privacy Law that already exists. As it stands today, a patient could walk into their covered entity’s Health Information Management department and ask to restrict their records from disclosure, though this would need to be accomplished either by paper redaction or by the blunt technical means mentioned above.

I might go a step further than the NPRM to suggest that, in light of the spirit of the 21st Century Cures Information Blocking Rules that put patients’ data back in their own hands, perhaps we should legislatively eliminate this gatekeeper. In either case, patients would need to be provided with informed consent as to the potential risks of not sharing their data, and organizations would need implementation guidance.

The industry would additionally need a multidisciplinary assessment of the safety and ethics of such an approach and its impact on health equity. For these reasons, a national task force governed by the American Medical Association, American Academy of Pediatrics, Healthcare Information and Management Systems Society Electronic Healthcare Records Association, Integrating the Healthcare Enterprise USA, Drummond Group, and ONC (ex-officio) has convened 300 expert stakeholders to explore how to move this complex issue away from the blunt and toward more nuanced, equitable solutions. We welcome Dr. Baumlin to participate.

Hannah Galvin, MD, FAAP, FAMIA, is chief medical information officer and a practicing pediatrician at Cambridge Health Alliance in Cambridge, MA. She is an assistant professor of medicine at Tufts University School of Medicine and member of the faculty at Harvard Medical School. Dr. Galvin is a GAO-appointed member of the ONC Health IT Advisory Committee, and is co-founder and co-Board chair of Shift, an independent health care task force for equitable interoperability. She is Board Certified in Pediatrics and Clinical Informatics.