Sharing Patient Information, Easy/Difficult?


Answer:  Difficult

In theory, a patient can indicate what information can/cannot be divulged to individual 3rd parties.

What counts for a patient are items of information (show symptoms/do not show symptoms) per 3rd party recipient. Some agencies have 200 forms with 50 data items per form (many of which are duplicated across forms) and 400 trading partners. Fortunately, only a few of these have links to any individual patient.

So,the first cut is whether a particular trading partner has an established relationship with a patient.

To implement data sharing, you would basically have to do pick an eligible 3rd party recipient, pick a form and then do 50 lookups – if any one of these is a no-show data element, you would have to mask it or not send the form.

It gets worse for “documents” which, in some cases, will be narratives consolidating data items from multiple forms /structured data collection devices with no way of telling where the data elements came from – each word in the document other than language constructs would need a hyperlink back to the item that contributed that word. Then we have pictures/images etc.

It would take hours with a patient to record the data elements they are willing to share with all possible 3rd party recipients and you would then need to set up a complex masking matrix.

Accordingly, the only safe course of action when a request for a form/document comes in from some 3rd party is

1) contact the patient

2) ship the patient via a secure data channel what you plan to send to the identified 3rd party

3) patient signs a one-time release for the material.

4) you log the disclosure

5) you then send the information to the intended recipient.

This becomes very tedious, so most agencies seek general releases of information.


Management consultant and process control engineer (MSc EE) with a focus on bridging the gap between operations and strategy in the areas of critical infrastructure protection, major crimes case management, healthcare services delivery, and b2b/b2c/b2d transactions. (C) 2010-2019 Karl Walter Keirstead, P. Eng. All rights reserved. The opinions expressed here are those of the author, and are not connected with Jay-Kell Technologies Inc, Civerex Systems Inc. (Canada), Civerex Systems Inc. (USA) or CvX Productions.
This entry was posted in Compliance Control, FIXING HEALTHCARE. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s