Nextgov

As the country lurches toward a future in which electronic medical records have replaced stubbornly persistent paper files, resolving the question of how much control patients should have over digital documents continues to be a sticky wicket.

A key government advisory panel on healthcare information privacy has yet to resolve whether patient control and consent "is a right or merely an interest," reports Modern Healthcare.

Although the role of patients is often a main focus of the privacy and security debate, the chair of the Privacy and Security Workgroup of the Health IT Policy Committee, Deven McGraw, said that making patient consent the linchpin of healthcare information privacy would be bad policy "because then you've asked the patient to bear that burden."

The work group, reports Modern Healthcare, recommended three actions to the committee:

Construct specific privacy and security-protection policies and technologies in all forms of electronic health information exchange, and implement principles of the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information, which was issued in the waning days of the George W. Bush administration.

Encrypt messages, even in one-to-one information exchanges, and limit potentially identifiable information used to identify patients and their records and in electronic communication.

Enforce these "strong" new policies so that there is no need for "any additional individual consent beyond what is already required by current law."

The bottom line, McGraw said, is that consent "is just one piece of a bigger puzzle."