Adolescent Data Needs Stronger EMR Protections, Group Says

Posted on November 13, 2012 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or

The American Academy of Pediatrics is calling for changes to EMRs to protect the privacy of adolescent patients, whom, it says, don’t currently get the same level of protection as adults.

According to the AAP, there are several reasons adolescents don’t enjoy the same privacy protections as adults.

For one thing, there are the legal issues. HIPAA doesn’t provide specific guidance on adolescent privacy, and the medical industry hasn’t put clear standards in place outlining when adults can access an adolescent’s health records either.

What’s more, states vary in how they handle this issue, according to the AAP report. State laws typically allow minors to consent for their healthcare on the basis of their status — for example, if they’re a pregnant or parenting teen — and on the basis of the services they seek  — such as STI diagnosis and treatment or contraception. However, while state and federal laws provide protection of privacy when minors  consent for their own care, privacy protections differ widely.

To make sure adolescent privacy is protected across all data platforms, the AAP is recommending a set of principles that it feels should ideally govern not only EMRs, but also PHRs and HIEs. These include :

*  Creation of a set of criteria for EMRs that meet adolescent privacy standards

*  Creating and implementing technology for EMRs which would allow determination of who has access to, or ability to control access to, any part of the adolescent medical record.

* Making it possible for adolescents to record consents and authorizations according to privacy laws using the HL-7 Child Health Profile DC.1.3.3 standard

*  Flexibility within standards to allow for protection of privacy for diagnoses, associated lab tests, problem lists and any other documentation containing confidential data.

* EMR systems must be able to apply state and federal confidentiality rules when assembling aggregate data to prevent identification of individuals.

The AAP has a lot more to say, but in summary, it seems to be putting the burden for protecting adolescent privacy largely on EMR vendors, though I believe it’s hoping members will advocate for these changes as well.

Either way, it doesn’t work well if there’s a protected class (certain adolescents) whose rights simply can’t be protected adequately with today’s technology.  Time to get on this issue, I’d say.