Your Data, your Property: Rules now in Place to help Patients to their own Lab Data.

It used to be when you the patient came from your doctor’s office, you had access to any and all information that you needed for your health.  Your blood lab results, your weight and blood pressure, and any types and amounts of medications you were prescribed.


With the advent of HIPAA in 1996, and EMRs over the past few years, it has become harder to obtain your health information under the maze of layers of bureaucracy.


However, a ruling by the Clinical Lab Improvement Amendments of 1988 (CLIA) from CMS (Medicare) has opened the door for patients to receive personal information easier.  This allows the results of test reports to be transmitted to persons or entities designated by the individual patient.  Meaning – you can have your lab reports sent to your Chiropractor, or results of office visits sent to your dietician.


The maze of bureaucracy has bogged down the use of health information for over a decade now.  Back in 1990s Clinton signed into law HIPAA, and it essentially ushered in the era of electronic records.  However, in the thrust to keep records “secure”, patients themselves found it difficult to get copies of their records for themselves, and nearly impossible to have records transferred to other professionals.


Why is this so hard?  Here’s a sample:  Under the current CLIA guidelines, (section 493.1291(f) regulations), CLIA labs may only disclose test results to three categories of individuals or entities:


a.       The authorized person
b.       The person responsible for using the test results in the
context of their medical treatment, and
c.        The laboratory that initially requested the test.


Title XIII of division A and Title IV of division B of the American Recovery and Reinvestment Act of 2009 incorporated the Health Information and Economic and Clinical Health (HITECH) Act.  This created a committee known as the HIT Policy Committee – and provided recommendations on records to the Department’s Office of the National Coordinator for HIT on issues of health information.  This committee works for health policy experts, health information exchange organizations (HIOs) and providers who believe that changes need to be made in the way patients can access their own health information.  

Therefore, the CMS has worked with HIOs, the CDC, and the office of Civil Rights (OCR) to propose changes to CLIA regulations and HIPAA regulations to remove barriers to an individual’s access to his or her own test reports from any laboratories.  This CLIA report is over 40 pages long.  It is another healthcare monstrosity.


The last paragraph alone should send chills down the back of any patient who simply wants to know their laboratory data in the context of making better health decisions for themselves and their families.  Talk about being bogged down in the matrix.  There is a better way.


Companies such as StepOne Health, Theranos, and others in Silicon Valley have changed the way we think about blood lab companies.  StepOne Health uses the membership concept where patients can join the community, get discounts on labs, get the information they need from the web site, and obtain reimbursement from their health plan just as they would if they obtained the referral from their doctor.  The difference here is that they are in charge of the decision-making process, and work with StepOne Health regarding finding a lab, getting the procedure done, and having access to not just the data, but to health professionals who discuss their lifestyle options based on the results of their lab tests. Medhealthfit is proud to be a partner with StepOne Health to introduce their product to the health and fitness marketplace.


Theranos allows patients to have blood labs done in a unique method – finger sticks.  They have forgone the element of venipuncture for a more self-monitored method.  The results of a couple of drops of blood onto their sensors is a big change from current standards.  


The kicker to much of the secrecy of patient information is that in reality almost none of it is really secure.  Every week in American we hear about breaches to secure data in companies such as Wal-Mart, Target, and large credit companies such as Global Payment Systems, and medical institutions such as Anthem insurance.  A 2014 report on 60 Minutes revealed that in the effort to digitize health records, many physician offices scanned them from their copy machines.  It came to pass that almost all copy machines have a recording devise in them - which acts as a hard drive – essentially keeping an electronic copy of each scan independent of what has been sent as a PDF or other electronic file.  These machines are purchased used, and the hard drive devises are taken out and information is extracted from them.  Between hacks and other methods, patients should be very wary of how the government and private industries “protect” patient information at any level.  If it is indeed as valuable as financial information – there will be a way to steal it.

As companies on the web make data available to patients and consumers – they need to make sure that security companies, the government, and corporations you are doing business understand that it is your data, and you have the right to do with it what you want.
 
References


https://www.federalregister.gov/articles/2014/02/06/2014-02280/clia-program-and-hipaa-privacy-rule-patients-access-to-test-reports
 

http://www.healthdatamanagement.com/news/rule-gives-patients-right-to-test-results-from-labs-47202-1.html
 

http://www.golocalprov.com/news/10-big-companies-with-recent-major-security-breaches
 

http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/