​Privacy Issues/EMRs/HIPAA

• Given the long-standing health effects of IPV, Health Information Technology is invaluable in coordinating between providers and providing seamless coverage to manage these long-term health effects.
• Personal and sensitive health information should be de-identified whenever possible
• Individuals should have the right to access, correct, amend, and supplement their own health information.  For IPV victims, the ability to review records may increase trust in a provider and a deeper understanding of how her confidentiality is being protected. 
• Individuals should receive notice of how health information is used and disclosed, including specific notification of limits of confidentiality.  We underscore the necessity for reminders being sent per patient preference.  It is critical that providers do communicate with patients per the patient preference, as there are real safety and privacy concerns to be considered.  All patients who disclose IPV should be offered preference on how or if follow up communication should take place, and no mention of DV verbally or in writing should be made in the follow up reminders.  Victims should be permitted to provide alternative contact information for different types of communication.  If a woman receives her insurance coverage through her husband’s employer, his address and email may be primary on the account.  She should never be required to have communications go to someone other than who she chooses.
• Providers must offer and respect patient’s choice of communication preferences, including by phone, by email, etc., and under what circumstances.  This should be built into the EMR as mandatory fields.
• Privacy safeguards and consents should follow the data.
• Providers should have broad discretion to withhold information when disclosure could harm the patient.
• There should be strong and enforceable penalties for violations of privacy and consents both in a clinical setting and across information exchanges.