ACO Security Issues

Leave it to the people at Healthcare Info Security to take a look at the security issues that are associated with an ACO. They do so in an interview with Bill Spooner, CIO of Sharp Healthcare. Here are some of the quotes from the interview which really resonated with me:

To deliver more coordinated care, collaboration and data exchange among ACO participants are vital. And participants “need to ensure that patient privacy is honored, and that all security provisions are in place,” Spooner says in an interview with HealthcareInfoSecurity.

And this one about ACO Information Sharing needs and patient privacy:

“The ACO model tends to elevate the attention on information sharing. … And along with that comes the need to ensure patient privacy is honored so that records are only shared with providers that patients want their information shared with, and that security provisions are put in place,” Spooner says.

I think Bill Spooner elegantly describes how healthcare institutions should handle patient privacy in everything they do, including ACOs. I like the idea of honoring patient privacy.

Let me make a few suggestions on what healthcare institutions and ACOs can do to honor patient privacy. I think there are two things that patients fundamentally want in regards to the privacy of their health information. They want to be informed about its use and control.

Informing Patient Information Use
The reality for the large majority of patients is that they want their medical providers sharing their information. I don’t know anyone who wants their health information kept private when it could provide them better care. I imagine there are some outlier cases, but the majority of people actually assume that doctors are sharing their health information already.

What patients want from doctors and in this discussion ACOs is transparency on when and what information is being shared. Is that too much to ask? I don’t think so and it’s the right way to honor patient privacy is to provide a way for the patient to be informed on where and when their health information is being shared.

Controlling Health Information Sharing
Some might say that we’re becoming a nation of control freaks. I’d argue that we don’t all want to be control freaks, but we do want that option available to us if so desired. As I said in the previous point, most patients want their information shared because they realize that they’ll get better, lower cost, more effective patient care if their doctors have all of their health information. However, one thing we hate as Americans is not having the choice of whether that sharing happens or not.

What does this mean? It means that you’ll provide patients the opportunity to restrict their health information from being shared and then almost no patients will use that function. Patients want the knowledge that they can stop health information sharing more than they want for their information to not be shared. It’s a subtle difference, but is another key to honoring patient privacy.

What other things can ACOs and healthcare organizations do to ensure that they’re honoring patient privacy?

About the author

John Lynn

John Lynn

John Lynn is the Founder of the, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.