Minn. lawmakers gutted, not updated, patient privacy laws

Let's be clear. Minnesota legislators did not update patient privacy laws, as stated in "Minnesota will require EHRs by 2015." They began the process of gutting them.

State legislators reduced Minnesota's strong privacy laws at the request of state health officials who led the lobbying effort. Specifically, the Legislature authorized the development of a central online location for patient identifying information and a micro medical history of each patient that includes the location of their medical records. They authorized what could be called a Master Patient Index for Minnesota. They disallowed patient consent for the online placement of this data (name, address, Social Security number, cell phone number, work address, etc.) in a central registry. They require patient consent for provider access to the registry, but it doesn't have to be written consent, and it doesn't have to be informed consent. And once patients give consent, it's permanent, unless the patients find out their doctor, pharmacist, dentist and every employee of the hospital can now see their every medical move and protests. Although patients can retract their consent in writing, the law doesn't require them to be told they can.

The Legislature also allowed the very controversial representation of patient consent to be sufficient for the sharing of patient data. No actual proof of consent needs to be provided before medical records are sent to another provider.

Before the 2007 session, Minnesota patient consent laws were very strong. Health information technology advocates -- government, health plans, large employer groups -- successfully reduced patient consent rights considerably, paving the way to future broad access, sharing and use of private online patient data without patient consent.

Anonymous