Mind Uncharted Explore. Discover. Learn.
Privacy Concerns Arise over Oklahoma State Health Information Exchange
Local counselors are expressing concern over client privacy as legislation requiring health care providers to enter patient records into an online database takes effect in Oklahoma.
The Oklahoma State Health Information Exchange: Implementation and Cost
Senate Bill 574, passed in 2023, established the Oklahoma State Health Information Exchange, while SB 1369, passed in 2023, created the Office of State Coordinator for Health Information Exchange to manage the exchange. According to a fact sheet provided by the Oklahoma Health Care Authority, beginning July 1, 2023, licensed health care providers will be required to join the exchange by paying a $5,000 fee. The exchange, operated by Tulsa-based nonprofit MyHealth, is an information database that allows for the sharing and accessibility of patient healthcare records among participating providers.
Intention and Benefits of Health Information Exchanges
The intention of health information exchanges is to improve care coordination by allowing all providers access to a patient’s medical records, thus reducing redundancies in treatment and improving the overall quality of care. However, some counselors are worried that the exchange’s design could potentially harm clients’ privacy.
Privacy Concerns around Mental Health Records
Emily Mick, owner of Upstream Counseling Services, and other counselors have expressed concern about the exchange’s impact on the privacy of mental health records. Mick notes that mental health records and substance abuse treatment records are sensitive, and as such, behavioral health care has extra protections under federal law. She worries that making these records accessible to anyone in the exchange could be dangerous and could impact vulnerable populations the most.
HIPAA Compliance and Privacy Safeguards
The Oklahoma Health Care Authority has stated that the exchange is HIPAA compliant and that appropriate privacy safeguards are in place to protect patient information. Christina Foss, deputy chief of staff for the Oklahoma Health Care Authority, assures the public that providers and patients have control over what data they share, and sensitive information is withheld by providers who mark a chart or note as sensitive. She also notes that any care or services covered under 42 CFR Part 2 are excluded from data transmission, and psychotherapy notes from any provider are marked as sensitive and excluded from transmission to the HIE.
Request for Exemption and Security Concerns
Despite such assurances from the Oklahoma Health Care Authority, mental health providers have formed the Oklahoma Providers for Privacy Coalition to request exemption from the exchange. Concerns have also been raised about the security of online patient information, given recent incidents of data breaches. Foss has stated that patient-specific data will only be available to healthcare providers involved in a patient’s care and that data used for public health purposes would be aggregate and require approval from the security governance committee.
Conclusion
The Oklahoma Health Care Authority’s board of directors will meet on March 22 to establish permanent rules. While the information exchange is designed to improve care coordination and quality of care, counselors worry that potential privacy risks could disproportionately impact vulnerable populations such as women and minorities. The Oklahoma Providers for Privacy Coalition continues to advocate for the protection of mental health records, and mental health providers are seeking exemption from the exchange.
