FHIR Chat · Practitioner.name.family masking · implementers

Stream: implementers

Topic: Practitioner.name.family masking

view this post on Zulip Brittany Brown (May 19 2021 at 20:06):

Trying to determine if we will still meet the US Core Must Support if we mask the last names of providers on R4 Practitioner when a patient is accessing the data. We have received feedback that for the safety of clinicians, we should be exposing First Names but only Last Initials for practitioners (regardless of their role). Does exposing last initial meet the requirement. We will expose full names for provider and b2b access. Thoughts?

view this post on Zulip Cooper Thompson (May 19 2021 at 20:21):

We (Epic) have definitely heard the same concern, especially from nursing staff. We've long supported a "patient-facing name" for providers that applies to all patient-facing exchanges (patient portal, APIs, after visit summaries, etc.), and organizations can populate that with a masked name if they so choose (this can be used for a subset of users, e.g. nurses). I agree that getting clarification that this is ok would be great (probably from ONC rather than US Core though), but I hope it isn't controversial masking be allowed, at least for many provider types. You are likely to know and get the full name for your PCP, but for other staff like nurses, it seems reasonable to mask.

view this post on Zulip Eric Prud'hommeaux (May 19 2021 at 20:25):

is US Core defined in terms of patient data access rights or just the data available to a maximally-permissioned agent (i.e. closer to b2b)?

view this post on Zulip Josh Mandel (May 19 2021 at 20:28):

Does someone have a handle on the underlying designated record set requirements for HIPAA right of access? (E.g., would this information be okay to mask in a full EHI export?)

view this post on Zulip Josh Mandel (May 19 2021 at 20:29):

US Core doesn't really make these kinds of distinctions by use case.

view this post on Zulip John Moehrke (May 20 2021 at 11:12):

Right of Access applies to ALL health data about that subject. with some exceptions around safety. -- more formal explanation https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html
This is, as is being discussed here, weighed against the Clinician's rights and expectations of privacy. So, it is not unexpected that these names are redacted.
However, a explicit request with cause can result in other legal actions that would uncover the individual.
So, it is layered.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -