/Docs/G/Patient-Data-Manager/pDMA/Form/0.md
Doc.Ti = Patient Data Use Agreement (DRAFT model document for Review & Discussion purposes)
Why.Ti = PREAMBLE:
Why.sec = This document is a proposed model patient data use agreement. It is intended to establish a relationship between an individual and a data management service entity for the purposes of managing the individual’s complete, longitudinal health data on the individual’s behalf. It provides complete control over the aggregated copy of the patient’s data to the patient, including the destruction of the data should the patient wish to do so. This document does not authorize a data management service entity to function as a healthcare provider unless the data management service is already functioning in such capacity. The patient’s aggregated copy of health data does not supplant existing provider-maintained records that law and regulation require healthcare providers to maintain, nor does it have any impact on provider responsibility to report public health data or perform any other functions related to medical records as may be required by federal, state, and local law.
1.Ti = Introduction
1.sec = This Patient Data Use Agreement (PDUA or Agreement), by and between {P1.US.N,E,A} ({_Patient}) and {P2.US.N,E,A} (Patient Data Manager, or {_PDM}), authorizes {_PDM}, on {_Patient}’s behalf, to request, acquire, receive, aggregate, maintain, curate, secure, share, and delete, with {_Patient}’s permission as granted pursuant to this Agreement, {_Patient}’s complete, longitudinal digital health record (or any portions of the health record designated by the {_Patient}).
2.Ti = Background and Authority
2.1.sec = The Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, provides individuals with a right of access to inspect and obtain a copy of protected health information in a designated record set maintained by a covered entity, including their healthcare providers [see 45 CFR 164.524(a)(1)]. Under this right of access, pursuant to 45 CFR 164.524(c)(3)(ii), individuals can direct, in a signed writing that clearly identifies the designated recipient and where to send the copy, that their protected health information be transmitted to a third party on the individual’s behalf.{FtNt.1.Xref} Using this right of access, an individual can engage a third-party patient data manager to aggregate a complete, longitudinal record and maintain it in a way that provides secure access to accurate, reliable personal health data.
{_Patient} wishes to collect personal health data from a variety of providers and sources, including non-clinical sources and patient-generated sources; store that data in one complete, longitudinal record; and exert control over the sharing of and access to such health information.
2.2.sec = {_PDM} has the capacity to aggregate, maintain, and secure personal health data in a way that enables it to be: regularly updated; protected; compartmentalized; shared in whole or in part with the {_Patient}’s authorization; and maintained free of unauthorized changes or interference that could render the data untrustworthy.
2.3.sec = {_Patient} seeks to exercise the right of access provided to {_Patient} by 45 CFR 164.524 and related HHS Office for Civil Rights guidance to regularly access personal health information maintained by healthcare providers in designated record sets and to direct providers to transmit {_Patient}’s personal health information to {_PDM} on {_Patient}’s behalf.
2.4.sec = As {_Patient} wishes to have a complete, longitudinal health record under his or her full control and maintained on his or her behalf by {_PDM}, {_Patient} and {_PDM} agree to the following terms:
2. = [G/Z/paras/s4]
Def.Ti = Definitions
Def.Patient.Ti = Patient:
Def.Patient.sec = {_Patient} is an individual who seeks to aggregate personal health data from disparate healthcare providers and sources, including data generated by him or herself.
Def.Patient. = [G/Z/ol/Base]
Def.PDM.Ti = Patient Data Manager (PDM):
Def.PDM.sec = {_PDM} is a third-party entity with whom {_Patient} enters into this PDUA for the purposes of requesting, acquiring, receiving, aggregating, incorporating, maintaining, curating, and securing {_Patient}’s complete, longitudinal digital health record. Examples of entities who could act as {_PDM}s are healthcare providers, health data systems, health insurers, and third-party mobile medical application entities.
Def.PDM. = [G/Z/ol/Base]
Def.PHR.Ti = Patient Health Record (PHR):
Def.PHR.sec = {_PHR} is {_Patient}’s aggregated, longitudinal health data that {_PDM} maintains on the patient’s behalf pursuant to this Agreement. The {_PHR} does not replace healthcare providers’ medical records systems, does not relieve any reporting responsibilities healthcare providers have under federal, state, or local law, and does not provide an alternative method for providers’ required maintenance of medical records. Should {_PDM} also be {_Patient}’s healthcare provider, the {_PHR} shall not be commingled with the provider/{_PDM}’s electronic health record system.
Def.PHR. = [G/Z/ol/Base]
Note = PDR is defined but not used?
Def.PDR.Ti = Patient Data Receipt (PDR):
Def.PDR.sec = An electronic computable set of structured data sent or provided to {_Patient} or {_Patient}’s designated {_PDM} at the conclusion of each health encounter or episode of care for inclusion in the {_Patient}’s {_PHR}.
Def.PDR. = [G/Z/ol/Base]
Def.PHI.Ti = Protected Health Information (PHI):
Def.PHI.sec = {_PHI} is defined in this agreement as it is defined by HIPAA [45 CFR 160.103].
Def.PHI. = [G/Z/ol/Base]
Def.SDR.Ti = Standing Data Release (SDR):
Def.SDR.sec = A release through which {_Patient} exercises right of access to personal health information maintained at a healthcare provider on an ongoing, automatic basis and requests {_Patient}’s {_PHI} be transmitted to {_Patient}’s {_PDM} for curation in {_Patient}’s {_PHR}.
Def.SDR. = [G/Z/ol/Base]
Def.sec =
Def. = [G/Z/ol/Base]
3.Sec = {Def.Sec}
4.Ti = Standing Data Release
4.1.sec = {_Patient} shall be responsible for completing and submitting a Standing Data Release ({_SDR}) to each healthcare provider from whom {_Patient} seeks access to personal health information. {_PDM} may facilitate the {_SDR} process, as feasible. [append sample form]
4.2.sec = The {_SDR} complies with the Department of Health and Human Services’ Office for Civil Rights’ requirements for the release of personal health information from healthcare providers to third parties on behalf of patients or patient representatives who are requesting access to personal health information. The {_SDR} enables {_Patient} to authorize continual updates to {_Patient}’s {_PHR} and provides instructions to healthcare providers on enabling automatic updates, in the form of a Patient Data Receipt, from their electronic health record systems.
4.3.sec = {_Patient} understands that healthcare providers cannot transmit {_PHI} to a third party such as {_PDM} without a signed, written direction from {_Patient} or {_Patient}’s authorized representative. {_Patient} also understands that once {_Patient} submits the {_SDR} to a healthcare provider, HIPAA provides the healthcare provider up to 30 days to complete the initial request and the right to seek one further 30-day extension.
4. = [G/Z/ol-AA/s3]
5.Ti = Patient Control
5.1.sec = {_Patient} shall have complete authority and control over {_Patient}’s {_PHR} and all of the data contained within it, regardless of the source of the information. {_Patient} accordingly may direct {_PDM} to share all or part of {_Patient}’s {_PHR} with another entity or individual, including but not limited to a healthcare provider or family member.
5.2.sec = {_Patient} may revoke a third party’s previously granted {_PHR} access. {_PDM} shall implement any such revocation immediately, and in no event later than one business day after receiving {_Patient}’s instruction. {_Patient} understands that data shared prior to revocation of access often cannot be removed from related records kept by a third party, such as when information from the {_PHR} has been incorporated into a medical record maintained by a healthcare provider who treated {_Patient}.
5.3.sec = {_Patient} shall have the ability and authority to add notes and comments to the information contained in the {_PHR}. Such annotations shall be clearly distinguished from the original text of any health data provided by healthcare providers to maintain data integrity and provenance.
5. = [G/Z/ol-AA/s3]
6.Ti = Sharing of PHR with Designated Parties
6.1.sec = {_Patient} may authorize {_PDM} to share some or all of {_Patient}’s {_PHR} with individuals and entities that {_Patient} identifies. {_PDM} shall not share data without {_Patient}’s explicit permission.
6.2.sec = {_PDM} shall establish a process for {_Patient} to request access for an identified individual or entity and to specify the type of access such individual or entity may have (e.g., full access, access to all except {_Patient}-generated health data, access to medication information only, access to payer data, etc.).
6.3.sec = {_PDM} cannot guarantee that such designated parties will review the information that {_Patient} chooses to share.
6.4.sec = {_Patient} may revoke this authorization at any time by notifying the {_PDM} by online form, in writing, by telephone, or via other processes that {_PDM} establishes. {_PDM} shall not limit {_Patient} to one method of notification but shall offer at least three means of revoking authorization. {_PDM} shall implement {_Patient}’s revocation immediately and shall indicate in the {_PHR} when the revocation has been so implemented.
6.5.sec = Emergency Access. {_Patient} may grant permission in advance to the {_PDM} to share {_Patient}’s {_PHR} in the case of an emergency during which {_Patient} may not be able to authorize such sharing. Emergency sharing designations and permissions may be established and updated at any time, and may be limited to specific information of particular importance during emergency treatment when {_Patient} is otherwise incapacitated.
6. = [G/Z/ol-AA/s5]
7.Ti = Health Data Aggregation and PHR Updates
7.1.sec = {_PDM} shall aggregate {_Patient}’s health data from each of the healthcare providers with whom {_Patient} has executed {_SDR}s into one cohesive, complete, longitudinal compilation of health data. Information can include but is not limited to medical records (including diagnostic imaging files such as X-rays or MRIs, lab results, and genomic sequencing data), billing records, and claims-related information. {_PDM} shall resolve conflicting health data, as feasible [and pursuant to {_Patient} instruction and/or service tier etc.].
7.2.sec = {_PDM} shall enable the incorporation of {_Patient}-generated health data (PGHD) from fitness trackers, wearables, remote health monitors, and other non-clinically-derived information into {_Patient}’s {_PHR}. Such information will be clearly delineated as PGHD.
7.3.sec = {_PDM} shall enable the incorporation of subjective assessments by the patient of their health outcomes into the {_PHR} (i.e., patient reported outcomes (PROs)). Such information will be clearly delineated as PRO.
7.4.sec = {_PDM} shall ensure that its system can accept and integrate updates (Patient Data Receipts) from healthcare provider EHRs on an ongoing basis. If {_SDR}s are in place, Patient Data Receipts shall be automatically transmitted from provider EHRs to the {_PHR} at the conclusion of each of {_Patient}’s health visits or health encounters.
7. = [G/Z/ol-AA/s4]
8.Ti = Accounting of Disclosures
8.1.sec = {_PDM} shall maintain a record or log of active {_SDR}s and activity within the {_Patient}’s {_PHR}, including updates and disclosures, and shall provide a mechanism by which {_Patient} can ask for additional information about any documented disclosure. Disclosures shall indicate what data was provided, to whom, on what date and time, and the {_SDR} associated with the healthcare provider.
8.2.sec = {_PDM} shall maintain log entries for a minimum of 7 years from the date of access. {_Patient} retains the right to print or otherwise save the log or information about specific entries at any time.
8. = [G/Z/ol-AA/s2]
9.Ti = PHR Security and Restrictions on Use
9.1.sec = {_PDM} shall not use or further disclose {_Patient}’s {_PHR}, either in whole or in part, other than as permitted by this Agreement and as authorized by {_Patient}. [consider adding here provisions related to law enforcement/access via subpoena and/or court order]
9.2.sec = {_PDM} shall use appropriate safeguards to prevent any use or disclosure of {_Patient}’s {_PHR}, either in whole or in part, other than as specified in this Agreement and as authorized by {_Patient}. To the extent that {_PDM} receives, maintains, or transmits {_PHR}, {_PDM} shall use appropriate administrative, physical, and technical safeguards that comply with those required by the HIPAA Security Rule and that reasonably and appropriately protect the confidentiality, integrity, and availability of {_PHR}, regardless of whether {_PDM} is a Covered Entity as defined by HIPAA.
9.3.sec = {_PDM} shall comply with any applicable state and local security and privacy laws to the extent that they are more protective of {_Patient}’s privacy than the HIPAA Privacy Rule and the HIPAA Security Rule, regardless of whether {_PDM} is a Covered Entity as defined by HIPAA. If {_PDM} is not a Covered Entity, other federal laws and regulations may apply (e.g., the Federal Trade Commission’s Health Breach Notification Rule, which applies to vendors of personal health records not covered by HIPAA). If {_PDM} offers access to the {_PHR} in a mobile application, Food & Drug Administration rules may also apply. {_PDM} is responsible for ensuring compliance with all applicable law and regulation.
9.4.sec = {_Patient} shall not share personal login credentials or other authentication information (such as passwords, one-time codes, or security keys) for {_PHR} access with anyone. {_Patient} may designate Patient Representative(s) who may access {_Patient}’s {_PHR} in {_Patient}’s stead, but each Patient Representative shall maintain his or her own login and authentication information.
9. = [G/Z/ol-AA/s4]
10.Ti = Mobile Access to PHR
10.1.sec = The {_PHR} is an aggregation of {_Patient}’s digital health data from various sources, both clinical and non-clinical. {_PDM} may provide various means of {_PHR} access to the {_Patient}, including through mobile applications accessible on a smartphone, smart speaker, or other such electronic device. In such an instance, {_PDM} shall determine whether any such applications meet the Food & Drug Administration’s (FDA) definition of a mobile medical application and shall adhere to any additional requirements and guidelines set out by the FDA.
10. = [G/Z/ol-AA/s1]
11.Ti = Independence From Provider Medical Records
11.1.sec = {_Patient}’s {_PHR} maintained by {_PDM} is separate and independent from medical records that healthcare providers are required by law to maintain for each patient. Healthcare providers may incorporate information from the {_PHR} into their medical records if the {_Patient} grants them access to the {_PHR}, but the existence of the {_PHR} does not supplant their medical records systems, any reporting responsibilities healthcare providers have under federal, state, or local law, or provide an alternative method for their required maintenance of medical records.
11. = [G/Z/ol-AA/s1]
12.Ti = Termination
12.1.sec = This Agreement shall begin on the Effective Date set forth above and shall continue indefinitely until terminated by either party.
12.2.sec = Breach of any of the terms of this Agreement may result in immediate termination of the Agreement in some circumstances (e.g., malicious actions, such as attempts to breach security measures, or actions that cause substantial harm due to negligence or malfeasance). If the breach results from a mistake or negligence that can be easily remedied without substantial harm to the non-breaching party, the breaching party shall notify the non-breaching party within three (3) business days and take corrective action within a reasonable timeframe, as agreed upon by the parties, to address the breach. If action is not taken to remedy the breach in a reasonable timeframe, the Agreement shall be terminated. The non-breaching party retains all rights to pursue claims for breach of contract pursuant to the laws of the state of [Massachusetts] and any and all other remedies provided pursuant to federal, state, and local law, including HIPAA and Federal Trade Commission regulations.
12.3.0.sec = Upon termination by either party, {_PDM} shall generate revocations of all active {_SDR}s and submit them to all entities providing data to the {_PHR} on an automatic basis. {_PDM} shall disable the ability of {_Patient}’s {_PHR} to receive updates no later than five (5) business days after submitting the revocation notices.
12.3.1.sec = {_Patient} understands that {_SDR}s are not transferable to other {_PDM}s and that new forms will need to be completed and submitted to healthcare providers pursuant to the new {_PDM}’s policies to authorize automatic updates to the {_PHR} maintained by a new {_PDM}.
12.3. = [G/Z/ol-a/s1]
12.4.0.sec = {_Patient} may terminate this Agreement at any time with written notice to {_PDM}. Upon notice of {_Patient}’s desire to terminate the Agreement, {_PDM} shall provide {_Patient} the ability to transfer {_Patient}’s {_PHR} and related access logs to another patient data manager of {_Patient}’s choosing, to receive a copy of the {_PHR} for {_Patient}’s personal storage, and/or to destroy the {_PHR} data and related access logs. {_PDM} shall provide {_Patient} thirty (30) days to make a decision about disposition of the {_PHR}. Should {_Patient} opt to transfer the {_PHR} to another patient data manager, {_PDM} shall assist {_Patient} with the form(s) and process needed to authorize the transfer. {_PDM} shall ensure that the transfer may be effected electronically if {_Patient} so elects, and that it is performed expediently and no later than 30 days after {_Patient} notifies {_PDM} of the disposition decision, without undue burden or unreasonable cost.
12.4.1.sec = {_PDM} shall, to the best of its ability, confirm successful transfer of {_Patient}’s {_PHR} to a new patient data manager, or the date, time, and method of destruction of {_Patient}’s {_PHR} data and access logs, as applicable.
12.4. = [G/Z/ol-a/s1]
12.5.0.sec = {_PDM} may terminate this Agreement with 60 days’ notice to {_Patient} and shall require acknowledgement from {_Patient} within five (5) days of such notice to ensure {_Patient} is aware of the impending termination. {_PDM} shall provide {_Patient} with the option to transfer the {_PHR} to another patient data manager, to receive a copy of the {_PHR} for {_Patient}’s personal storage, or to destroy the {_PHR} data.
12.5.1.sec = {_PDM} shall, to the best of its ability, confirm successful transfer of {_Patient}’s {_PHR} to a new patient data manager, or the date, time, and method of destruction of {_Patient}’s {_PHR} data and access logs, as applicable.
12.5. = [G/Z/ol-a/s1]
12.6.sec = In the event of {_Patient}’s death, {_PDM} shall follow the specific instructions {_Patient} provided at initiation of the {_PHR}. Data will be destroyed or donated to a data repository named by {_Patient}. {_Patient} may request a copy be provided to {_Patient}’s named beneficiary prior to disposition.
12.7.sec = {_Patient} understands and acknowledges that {_PDM} shall not keep a copy of {_Patient}’s {_PHR} once an agreement has been terminated, the patient has selected the method of disposition or transfer of the {_PHR}, and the {_PDM} has successfully disposed of or transferred the data. In the event that {_PDM} is the terminating party, {_Patient} shall have one year from the date of termination to determine the method of disposition or transfer. If disposition or transfer does not occur within that year, {_PDM} shall then destroy the data.
12. = [G/Z/ol-AA/s7]
13.Ti = Modifications to Terms of Agreement
13.1.sec = This Agreement may be updated or amended due to changes in law, regulations, policies, or for other reasons. Parties to this Agreement will be alerted to any such updates or amendments a minimum of 30 days prior to implementation.
13.2.sec = Neither party shall assign this Agreement without the written consent of the other.
13. = [G/Z/ol-AA/s2]
= [G/AgtForm/US/Frame/2Parties/0.md]
= [G/Z/ol-II/13]
_P1 = Patient
_P2 = PDM
FtNt.1.Xref = 1
Annex.Div = Footnotes
  1. {FtNt.1.sec}
______________________________________ _____________________ Patient Date
______________________________________ _____________________
XXXX, on behalf of PDM
Approved for Public Release; Distribution Unlimited. Case Number 18-1973. © 2019 The MITRE Corporation. All rights reserved.
FtNt.1.sec = The HHS Office for Civil Rights provides further interpretive guidance regarding the use of the right of access to transmit {_PHI} to third parties designated by the individual, including the example of transferring {_PHI} to an individual’s mobile app on a smartphone (FAQ #2036, https://www.hhs.gov/hipaa/for-professionals/faq/2036/can-an-individual-through-the-hipaa-right/index.html), and further guidance that such requests may be accepted on a standing basis to avoid having to repeat requests for access each time {_PHI} is updated (FAQ #2070, https://www.hhs.gov/hipaa/for-professionals/faq/2070/may-a-covered-entity-accept-standing-requests/index.html).
_Patient = Patient
_PDM = PDM
_SDR = SDR
_PHR = PHR
_PHI = PHI