Alaap Shah Quoted in “Just Say ‘Yes’: Government Putting Patients at the Center of Records Access Requests”

HCPro "Briefings on HIPAA" Newsletter September 2019

Alaap B. Shah, Member of the Firm in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, was quoted in the HCPro “Briefings on HIPAA” newsletter, in “Just Say ‘Yes’: Government Putting Patients at the Center of Records Access Requests,” by Dom Nicastro.

Following is an excerpt:

Having Strong Data Governance

Alaap B. Shah, an attorney who specializes in healthcare and life sciences for Washington, D.C.–based Epstein Becker Green, says organizations can prepare for the new world of patient access by becoming good at data governance. Patients will soon have all the power, and saying “no” or “we’ll get you that request in 30 days” will no longer be acceptable, he says.

“The whole idea is giving life to what is said in the 21st Century Cures Act in terms of using all this data that’s being amassed in these various places, empowering the patient at the center of that, and fostering a culture where data flows more freely out of the traditional context into the more innovative sectors,” Shah says.

This innovation sector could be from app develop­ers in Silicon Valley or just places where people might be trying to get access to this information to gain insights, he adds.

One of the best things organizations can do to anticipate changes empowering patients is proactively positioning themselves to deal with data governance issues, according to Shah.

This is about “having data flow from point A to B,” he says. Shah adds that “a lot of that will require refining existing compliance programs and data gover­nance programs or building them from scratch.”

Healthcare organizations need to think about becoming “data stewards” and developing organiza­tional structures to deal with data governance and data asset management.

“From the top levels down, starting from the board all the way through the leadership down to the staff and personnel, organizations need to develop policies around the way people should conduct themselves,” Shah says. Organizations will need to “position themselves to be able to build trust networks where they can share that information and be confident that it’s being used for good things and used in responsible ways.”