HHS Wants to Empower Patients by Providing Direct Access to Test Results – Except When It Doesn’t

February 4, 2014

By Jeffrey N. Wasserstein & Jennifer M. Thomas

Yesterday, the Department of Health and Human Services (HHS), announced a final rule (published in the Federal Register on February 6, 2014 – here) amending the Department’s Clinical Laboratory Improvement Amendments of 1988 (CLIA) regulations, and the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, to give patients direct access to laboratory test results.  Until now, CLIA and CLIA-exempt laboratories reported results only to an “authorized person,” defined as a person authorized under state law to either order, or receive, test results.  In most states, that limited reporting of test results to the treating physician or the laboratory that initially requested the test.  However, the HHS final rule will require laboratories to also report those results directly to the patient, or his or her personal representative, upon request.  It will preempt state laws to the contrary.

According to the press release announcing the final rule, HHS Secretary Kathleen Sebelius believes that “[i]nformation like lab results can empower patients to track their health progress, make decisions with their health care professionals, and adhere to important treatment plans.”  Indeed, the final rule states that patients’ right to access test reports “is crucial to provide individuals with vital information to empower them to better manage their health and take action to prevent and control disease.”

But there are limits to patient empowerment.  FDA, an HHS operating division, recently sent a widely-publicized warning letter to 23andMe, Inc., a direct-to-consumer genetic testing laboratory, in which it noted that certain risks associated with laboratory tests “are typically mitigated by . . . management under a physician’s care.”  Further, FDA expressed its concern that the “risk of serious injury or death is known to be high when patients are either non-compliant or not properly dosed; combined with the risk that a direct-to-consumer test result may be used by a patient to self-manage, serious concerns are raised if test results are not adequately understood by patients . . . .”

There is a logical distinction between CLIA-certified laboratories reporting the results of a physician-ordered test directly to the patient, and a direct-to-consumer testing service that reports results with potentially no physician involvement at all.  However, the circumstances FDA cites in the 23andMe, Inc., letter as being most concerning would entail at least some degree of physician involvement.  For example, FDA notes that a patient receiving a false positive for BRCA-related genetic risk of breast or ovarian cancer might “undergo prophylactic surgery, chemoprevention, intensive screening, or other morbidity-inducing actions,” or that a patient receiving his or her assessment of drug responses may “begin to self-manage their treatments through dose changes or even abandon certain therapies depending on the outcome of the assessment.”  In either case, the patient would be required to consult a physician to seek treatment, or would already be under treatment by a physician prescribing the drugs in question.

So the questions raised by these two government actions remain:  when does greater access to health information empower patients, rather than putting them at risk?, or, when is patient empowerment worth the risk?  The answer for now seems to be “when HHS and FDA say so.”

Categories: Health Care |  Health Privacy