Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-35329

Concern over patient race and ethnicity data being shared for non-treatment purposes

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Highest Highest
    • US SDOH Clinical Care (FHIR)
    • current
    • Patient Care
    • STU
    • SDOHCC Observation Ethnicity OMB
      SDOHCC Observation Race OMB
    • Hide
      Guidance related to collection and use of patient data should be addressed at a higher level than the Implementation Guide. This is an area being addressed the ONC, HL7 and the Office of Civil Rights (OCR). In the future, the IG can be updated as these parties develop guidance on this issue.
       
      For now, the “Workflow and Managing Consent” section of the IG (https://trifolia-fhir.lantanagroup.com/igs/lantana_hapi_r4/sdoh-clinicalcare/exchange_workflow.html#workflow-and-managing-consent) has the following statement to address disclosure and use of personal/SDOH data:
      The Office of the National Coordinator (ONC) and HL7 International (HL7), and the Office of Civil Rights (OCR) (this is not an exhaustive list) have active programs in place to determine what needs to be done to protect all personal information (including SDOH) from inappropriate disclosure and use. In this version of the IG, we are providing a specification for a FHIR Consent resource that should be exchanged between a Covered Entity and a Business Associate (BA) when the patient has authorized the BA to release their information to a non-HIPAA covered entity. While this is not a complete treatment of the issues related to consent, it is a starting point to test the viability of exchanging consent information. Future versions of this IG will incorporate additional technical standards to support the protection and authorized release of SDOH information as they are developed by the ONC, HL7, and OCR.
       ** 
      Additionally, this will be added to the section on Draft Specifications for Personal Characteristics: 
      In general, personal characteristics data is sensitive personal information with significant privacy and security considerations. Laws vary on the extent to which this data can be disclosed. Before exchanging personal characteristics data, regulatory and policy considerations related to consent and exchange of this data should be understood. Guidance as to the necessary privacy, security, and consent requirements related to the exchange of this data is beyond the scope of this implementation guide. Implementers should understand and abide by their local requirements.
      Show
      Guidance related to collection and use of patient data should be addressed at a higher level than the Implementation Guide. This is an area being addressed the ONC, HL7 and the Office of Civil Rights (OCR). In the future, the IG can be updated as these parties develop guidance on this issue.   For now, the “Workflow and Managing Consent” section of the IG ( https://trifolia-fhir.lantanagroup.com/igs/lantana_hapi_r4/sdoh-clinicalcare/exchange_workflow.html#workflow-and-managing-consent ) has the following statement to address disclosure and use of personal/SDOH data: The Office of the National Coordinator (ONC) and HL7 International (HL7), and the Office of Civil Rights (OCR) (this is not an exhaustive list) have active programs in place to determine what needs to be done to protect all personal information (including SDOH) from inappropriate disclosure and use. In this version of the IG, we are providing a specification for a FHIR Consent resource that should be exchanged between a Covered Entity and a Business Associate (BA) when the patient has authorized the BA to release their information to a non-HIPAA covered entity. While this is not a complete treatment of the issues related to consent, it is a starting point to test the viability of exchanging consent information. Future versions of this IG will incorporate additional technical standards to support the protection and authorized release of SDOH information as they are developed by the ONC, HL7, and OCR.  **  Additionally, this will be added to the section on Draft Specifications for Personal Characteristics:  In general, personal characteristics data is sensitive personal information with significant privacy and security considerations. Laws vary on the extent to which this data can be disclosed. Before exchanging personal characteristics data, regulatory and policy considerations related to consent and exchange of this data should be understood. Guidance as to the necessary privacy, security, and consent requirements related to the exchange of this data is beyond the scope of this implementation guide. Implementers should understand and abide by their local requirements.
    • Bob Dieterle / Laura Heerman-Langford : 8-0-0
    • Clarification
    • Non-substantive

    Description

      Feedback on the use of race and ethnicity data in general for which this value in the value set for Observation.method provides an example: • "administrative" - The definition for this value is: Identifies that the information about the subject was collected by an organization for administrative reasons not directly related to obtaining healthcare or health insurance.
      Comment: The American Medical Association generally supports voluntary data collection efforts in attempts to improve health equity and outcomes and reduce disparities. However, patient privacy, autonomy, and personal preferences are of the utmost importance and must be preserved; even in recognizing the need to share data for public health purposes (including public health emergencies) we are careful to recognize the need to narrowly tailor such disclosures. The AMA is particularly wary of race and ethnicity data being shared with individuals or entities (including those within the health care system) for non-treatment purposes, including payers, Big Tech, and government entities. Prior to collecting race and ethnicity data, implementers and health care providers (including clinicians) must be prepared to answer questions around why race and ethnicity data are being collected, how such data will be used and shared, and by whom. Data collection and privacy protection practices should be developed concurrently to prevent the creation and exacerbation of health inequities. Part of this involves careful attention to how terms are defined and who defines them. For example, do we want tech companies or public health authorities and clinicians defining what "public health" is for purposes of data disclosure? When should race and ethnicity data be disclosed to government agencies or law enforcement, particularly as we all become more aware of the disparate treatment of individuals by certain governmental entities based on the color of their skin or national origin? When is individually identifiably data truly necessary to accomplish a stated purpose as opposed to aggregate or disaggregated data? Bearing in mind that algorithms are built on data sets that embed the racist structures in which they were created, will the collected race and ethnicity data be used to fuel machine learning and augmented intelligence tools that perpetuate inequities? 

      Attachments

        Activity

          People

            Unassigned Unassigned
            molly.malavey@ama-assn.org Molly Reese (Inactive)
            Corey Smith, Molly Reese (Inactive), Monique van Berkum
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: