EHR data provides rich insights about a population that public agencies may benefit from greatly, however special attention must be paid to HIPAA when requesting and sharing such data.
To help break down confusion, the deBeaumont Foundation and Johns Hopkins University collaborated to create an example case and legal analysis report titled "Using Electronic Health Data for Community Health." The report demonstrates asthma as a specific case in which EHR data may benefit, and it lays out how public health agencies can ensure they abide by HIPAA when requesting data from community members.
Here are four recommendations for agencies looking to use EHR data to address public health issues.
1. Define key public health issues and goals with broad community support. Agencies should first define critical issues and rally support of these issues by discussing them with the public. "It is rarely persuasive to ask anyone to share data for the sake of sharing data," the report reads.
2. Develop a data request with a clear explanation, plan for privacy protection and plan for data use. Data requests that are more specific make it possible for others to weigh its value and participation cost. "It may be helpful to engage with key sources of data as the request is developed to be sure that what is requested is feasible," according to the report.
3. Obtain legal review to assure key participants of compliance with HIPAA and other applicable state and local laws. A comprehensive legal review ensures plans are compatible with HIPAA standards.
4. Provide public engagement on the purposes, use and protection of data. Engaging the public fosters transparency about plans for data sharing and public health action. The report recommends agencies create and implement an engagement strategy to strengthen support for actions that improve health outcomes.
Click here to access the full report.