The Oklahoma Health Information Exchange is designed to improve patient care coordination by streamlining access to medical records for providers. But the initiative has prompted concerns among local counselors and mental health professionals, who worry about potential privacy breaches and the disclosure of sensitive patient information.
Why it matters:
The Oklahoma Health Information Exchange, established by Senate Bill 574, aims to improve care coordination between providers by making patient records easily accessible. However, the legislation has raised concerns among local counselors and mental health providers about client privacy and the importance of ensuring HIPAA compliance in the digital age.
The big picture:
- Oklahoma State Health Information Exchange is operated by the Tulsa-based nonprofit MyHealth.
- While the system claims to be HIPAA compliant, some local counselors believe it could be harmful, particularly regarding sensitive mental health and substance abuse treatment records.
- The Oklahoma Health Care Authority is working to ensure best practices and privacy safeguards, including HIPAA compliance.
HIPAA compliance and data security:
- The Oklahoma Health Information Exchange must adhere to HIPAA regulations to ensure the privacy and security of patient data.
- Securing data online is critical to protecting sensitive patient information from potential breaches, hacking, and unauthorized access.
- The exchange must demonstrate robust security measures, including encryption, access controls, and regular audits to ensure compliance.
What they’re saying:
Emily Mick, the owner of Upstream Counseling Services, told the Norman Transcript, “Behavioral Health Care has extra protections in HIPAA and is often not included in any kind of health information exchange system, because mental health records and substance abuse treatment records are very sensitive.”
Kevin Corbett, CEO of Health Care Authority, said no personal information will be submitted without patient consent. “They need written consent to do that. If they do not have that written consent, then that information does not flow. It stays at the provider’s office.”
The state of play:
- Mental health providers have formed the Oklahoma Providers for Privacy Coalition and are seeking an exemption from the exchange.
- Counselors and providers have raised concerns about the security of the online information, citing recent hacking incidents and potential dangers of making mental health treatment records accessible to anyone in the system.
- The Oklahoma Health Care Authority has amended its board meeting to address these concerns and explore solutions that balance privacy with the benefits of the health information exchange.
Related: Cerebral’s sharing of patient data with tech giants raises trust concerns
Privacy is paramount:
- Addressing privacy concerns in the Oklahoma Health Information Exchange involves ensuring secure communication channels between patients and their healthcare providers, including mental health counselors.
- Providers can maintain privacy and protect patient data during transmission by obtaining patient consent before sharing sensitive information and using secure communication methods, such as HIPAA compliant email.
- By emphasizing the importance of secure communication and respecting patient privacy, the exchange can build trust with mental health professionals and their clients, demonstrating a commitment to adhering to regulatory requirements and safeguarding sensitive information.
The bottom line:
The Oklahoma Health Information Exchange presents a unique challenge: balancing the need for improved care coordination between providers with the privacy concerns of mental health professionals and their clients. Ensuring HIPAA compliance, securing data online, and using HIPAA compliant email solutions are critical steps in maintaining trust and protecting sensitive patient information.
Related: 9 ways to securely store and share patient therapy notes