ACO Security Issues

Posted on September 26, 2012 | Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Leave it to the people at Healthcare Info Security to take a look at the security issues that are associated with an ACO. They do so in an interview with Bill Spooner, CIO of Sharp Healthcare. Here are some of the quotes from the interview which really resonated with me:

To deliver more coordinated care, collaboration and data exchange among ACO participants are vital. And participants “need to ensure that patient privacy is honored, and that all security provisions are in place,” Spooner says in an interview with HealthcareInfoSecurity.

And this one about ACO Information Sharing needs and patient privacy:

“The ACO model tends to elevate the attention on information sharing. … And along with that comes the need to ensure patient privacy is honored so that records are only shared with providers that patients want their information shared with, and that security provisions are put in place,” Spooner says.

I think Bill Spooner elegantly describes how healthcare institutions should handle patient privacy in everything they do, including ACOs. I like the idea of honoring patient privacy.

Let me make a few suggestions on what healthcare institutions and ACOs can do to honor patient privacy. I think there are two things that patients fundamentally want in regards to the privacy of their health information. They want to be informed about its use, and they want control over it.

Informing Patient Information Use
The reality for the large majority of patients is that they want their medical providers sharing their information. I don’t know anyone who wants their health information kept private when it could provide them better care. I imagine there are some outlier cases, but the majority of people actually assume that doctors are sharing their health information already.

What patients want from doctors, and in this discussion ACOs, is transparency on when and what information is being shared. Is that too much to ask? I don’t think so. The right way to honor patient privacy is to provide a way for the patient to be informed on where and when their health information is being shared.

Controlling Health Information Sharing
Some might say that we’re becoming a nation of control freaks. I’d argue that we don’t all want to be control freaks, but we do want that option available to us if so desired. As I said in the previous point, most patients want their information shared because they realize that they’ll get better, lower-cost, more effective patient care if their doctors have all of their health information. However, one thing we hate as Americans is not having the choice of whether that sharing happens or not.

What does this mean? It means that you’ll provide patients the opportunity to restrict their health information from being shared, and then almost no patients will use that function. Patients want the knowledge that they can stop health information sharing more than they want their information to not be shared. It’s a subtle difference, but it is another key to honoring patient privacy.

What other things can ACOs and healthcare organizations do to ensure that they’re honoring patient privacy?