Consumer Watchdog has raised concerns over a California HIE and potential patient privacy concerns.

When implementing a new electronic health record (EHR), patient privacy and security issues should be a top priority for healthcare organizations. For example, individuals want to know that their protected health information (PHI) is secure, and that a facility is HIPAA compliant.

Without two-way communication between a provider and their patients, certain security measures might not be entirely clear. Blue Cross and Blue Shield is currently under fire for its California Integrated Data Exchange (Cal INDEX), an electronic health information exchange that is collecting patient records from healthcare providers and health insurers, letting them share patients’ health information.

According to Consumer Watchdog, Cal INDEX has an unclear definition of how it is handling patient privacy.

“If the exchange will do so much to benefit our health care, Cal INDEX should make that case and ask us to opt in,” Consumer Watchdog Privacy Project Director John M. Simpson said in a statement. “Instead, Blue Cross and Blue Shield are telling enrollees they can opt out during the busy holiday season when we are all distracted.  Worse, Cal INDEX fails to clearly explain its privacy protections and how it will operate. Consumers can’t make an informed decision based on what they’ve said so far.”

Cal INDEX needs to be more transparent about its purposes, according to Consumer Watchdog, and be clear in how it might share patients’ medical records. While BCBS is already collecting individuals’ medical information for Cal INDEX, the organization has not yet made its privacy policy public, Consumer Watchdog explained. The two insurers have been notifying policyholders by mail and email that they have a right to opt out of having Cal INDEX share their records, stated Consumer Watchdog.

“No consumer yet has enough information to decide whether to opt into Cal INDEX,” said Simpson. “The best privacy protection for now is to opt out.  You can always opt in when they make it clear what the benefits and protections will be.”

Consumer Watchdog also listed 10 questions that it wanted Cal INDEX to clarify, covering issues like whether or not patients can opt in and then change their mind, and if they will be able to see everything that the HIE collects about their medical histories.

Patient privacy will likely continue to be a major topic in the healthcare industry, especially with recent reports showing that more individuals desire access to their own records. Between 2011 and 2014, patients’ online access to EHRs has nearly doubled, according to the National Partnership for Women & Families.

Moreover, the research showed that patients with online access to EHRs trust their providers significantly more than patients with EHRs but without online access. While the study did not specifically discuss the patient privacy measures undertaken by these providers and their subsequent EHRs, organizations need to be aware of their security policies. Clear communication with patients will help both parties when it comes to keeping PHI secure.