There are a lot of unknown issue around Health Information Exchanges when it comes to HIPAA security and privacy. A recent whitepaper by ID Experts and the American Hospital Association explores a lot of these still grey areas.
We know that electronic health records (EHR) and health information exchanges (HIE) offer new ways to collaborate and share information. However, we do not fully know all the risks to information security and patient privacy that electronic health records and health information exchanges create. For example:
- If a breach at another institution exposes patient information you provided to an HIE, what is your liability for the exposure?
- Where should the lines be drawn between security and privacy—if a medical professional has authorized access to an electronic patient record, should he or she be able to access all the information in it?
- Will the security and privacy policies and systems developed to protect information from unauthorized users make it impractical for patients to review their own medical records?
You can download the whitepaper here: “Preparing for the Security and Privacy Risks that are Engendered by Health Information Exchanges and Electronic Health Records”