Preserving privacy while promoting interoperability in healthcare

Increasing interoperability in healthcare is a positive step – but one that requires paying attention to patient privacy issues.

The 21st Century Cures Act (Cures), passed in 2016, aims to make health data more accessible by improving interoperability standards and prohibiting information blocking. However, with its focus on increased data sharing, the question of data privacy was not sufficiently addressed in the legislation. Below we discuss how terminological solutions can help physicians preserve patient privacy in this new age of interoperability in healthcare.

Insufficient regulations

There are some exemptions to the information blocking prohibition. For instance, if sharing would violate the Health Insurance Portability and Accountability Act (HIPAA), it would not be considered information blocking. HIPAA protects privacy by requiring covered entities to receive patient authorization before sharing records.

However, HIPAA was written at a time when whole records were transmitted by fax. The advent of electronic health records (EHRs) introduced a multitude of sharing capabilities, including the ability to share discrete pieces of the record. Even so, to comply with HIPAA, many healthcare providers resort to an “all-or-none” approach: they require patient consent, and without it none of the record is shared. This can lead to disparities in care for those who wish to withhold only some of their data.

Maintaining privacy requires precision

What we need is a way to label specific information as private. HIPAA’s Privacy Rule only requires providers to obtain additional consent to share psychotherapy notes. Yet there are many cases where a patient would want other pieces of their health record to remain private.  

For example, a provider may encounter a teenage patient who wants to keep her sexual health data private. This includes a pregnancy test, a prescription for oral contraceptives, and an STD diagnosis. However, her parents have access to her portal to manage her diabetes and asthma. The challenge then becomes how to ensure that her sexual health information is redacted on the patient portal but remains accessible to her physician.

Currently, there is no universal definition of what should be considered private or sensitive. To that end, several stakeholders have come together to form the Protecting Privacy to Promote Interoperability (PP2PI) workgroup, which is tasked with creating a standardized list of sensitive conditions. However, all related data would also have to be flagged as sensitive by default. This could then alert the physician to obtain consent to share or display the data.

To do this, one would need a well-defined list and a way to flag all associated data. This would include information related to diagnoses, medications, tests, and labs – among other things – which are dispersed throughout the EHR. Finding and flagging this information manually would be highly burdensome.

Terminology’s role

Using a robust, highly granular clinical terminology can make this process much easier. Terminological solutions work because they link concepts to standard codes, which can then be used to find specific data. Problems and diagnoses may be required to be coded with SNOMED CT® or ICD-10-CM, while labs and results use LOINC. Some code sets are too broad, making it difficult to slice out specific data. Therefore, sensitive clinical concepts should be recorded at the highest level of specificity before coding to allow for privacy flagging.

Today, much of clinical coding takes place post-encounter. For the privacy use case, however, data needs to be mapped to codes as soon as it enters the EHR. This is important because data metastasizes – or propagates to other parts of the chart – once entered into the EHR. This can result in private information appearing in various locations, like the after-visit summary, billing statement, and patient-facing portals. By using terminology with automatic mappings to multiple code sets, clinical data can be coded and tagged as private as soon as the physician enters it into the EHR and before it moves to additional locations.
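The tag-at-entry idea, sketched in Python for the teenage patient scenario above. This is an added example, not code from the article or from any EHR product. The sensitive-code list, the `sexual-health` label, the `LOCAL-RX` placeholder code and all function names are assumptions, and the chart is constructed sample data.

```python
from dataclasses import dataclass, field

# Hypothetical sensitive-code list (the article notes no standard list exists yet).
# Keys are (code system, code prefix); values are the privacy label to apply.
SENSITIVE_PREFIXES = {
    ("ICD-10-CM", "A56"): "sexual-health",       # sexually transmitted chlamydial infection
    ("ICD-10-CM", "Z32"): "sexual-health",       # pregnancy test encounter
    ("LOINC", "2106-3"): "sexual-health",        # urine pregnancy test
    ("LOCAL-RX", "RX-OC-001"): "sexual-health",  # constructed placeholder: oral contraceptive
}

@dataclass
class Entry:
    text: str
    system: str
    code: str
    labels: set = field(default_factory=set)

def tag_at_entry(entry):
    """Label the entry when it is first coded, before anything copies it."""
    for (system, prefix), label in SENSITIVE_PREFIXES.items():
        if entry.system == system and entry.code.startswith(prefix):
            entry.labels.add(label)
    return entry

def derive(entries):
    """Build a derived document (after-visit summary, bill); copies keep their labels."""
    return [Entry(e.text, e.system, e.code, set(e.labels)) for e in entries]

def view(entries, audience, consented=frozenset()):
    """Clinicians see everything; others see a labelled entry only with consent."""
    if audience == "clinician":
        return [e.text for e in entries]
    return [e.text for e in entries if e.labels <= set(consented)]

# Constructed chart: chronic conditions the parents manage, plus sexual health data.
CHART = [tag_at_entry(e) for e in [
    Entry("Type 1 diabetes", "ICD-10-CM", "E10.9"),
    Entry("Asthma", "ICD-10-CM", "J45.909"),
    Entry("Urine pregnancy test", "LOINC", "2106-3"),
    Entry("Oral contraceptive", "LOCAL-RX", "RX-OC-001"),
    Entry("Chlamydial infection", "ICD-10-CM", "A56.00"),
]]
SUMMARY = derive(CHART)  # derived after tagging, so the labels travel with the copies

if __name__ == "__main__":
    print("proxy portal:", view(SUMMARY, "proxy"))
    print("clinician:   ", view(SUMMARY, "clinician"))
```

An entry that is copied into a derived document before `tag_at_entry` runs carries no label and shows up in the proxy view, which is the propagation problem the paragraph describes.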


Applying these tools alone cannot ensure that specific data remain private. However, it can provide the foundation for information systems to selectively display or share patient information based on privacy. Once we agree on what data is sensitive, the health IT industry can provide solutions for those hoping to strike a balance between patient privacy and patient care. Until then, healthcare providers and hospitals will continue with all-or-none approaches in order to comply with HIPAA and the prohibition on information blocking.
