Part IV – Syndromic Surveillance
As previously mentioned, Meaningful Use is administered by the Office for the National Coordinator for Health IT and sets the criteria for Electronic Health Records. This criteria was set as of April 2015.
Previous requirements for Syndromic Surveillance
Previously, syndromic surveillance was done looking for large numbers of people with similar symptoms in order to be able to rapidly identify an outbreak, such as anthrax, should there be a terrorist attack, or perhaps a rise in people presenting with flu symptoms. The main presenting complaint would be sent without any identifying information. Should the CDC or other entity wish to pinpoint a particular patient, they would contact the transmitting organization and discuss the method by which they could contact the patient. Privacy was not entirely assured, but at least it was relatively well protected.
New Guidelines for Syndromic Surveillance
Now the guidelines have changed. Providers are advised that they need not ask patients’ permission to transmit syndromic surveillance information and demographic information because it is a public health matter. Under HIPAA, it is not necessary to ask permission for sharing Public Health data.
This is a link to the guide for syndromic surveillance for Meaningful Use as of April, 2015. Reporting is currently optional, but clearly, this is not the intent for the future.
This information in red is taken from the guide. It details what information is supposed to be transmitted by electronic health records. Recall that this is without the need for any patient permission.
This Guide is intended to facilitate the exchange of patient clinical encounter records for syndromic surveillance purposes between different systems. This includes:
Sending for all patient encounters
Treatment facility information
Limited personal identifiable information
Demographic information about patients
Diagnostic and pre-diagnostic information
Vital measurement information
Risk factor and other information
Acknowledging message receipt
Transmission of all of this information leaves little left to need to protect for patient privacy
As previously mentioned, all of this detailed information only makes it more and more likely that all healthcare information about a patient will be fully identified using Big Data techniques and be available for the taking.
If you find this unacceptable, like I do, please contact your Representative and Senators and ask them to insist on reverting to de-identified reporting with very little detail provided or to ASK permission to provide more detail about you and your complaints before transmitting it to others.
Here is a link to help you find the address and telephone number of your Representative or Senators and contact Tom Price.
Nancy Anthracite, MD