Health information privacy is achievable. However, fulfillment of this promise requires free flow of information between systems that are used to provide care, development of common standards so that patient data can be securely ported across clinical settings, safeguarding and tracking the communication and access to medical records; with special attention given to locking the pieces of health data that are considered very personal and privileged by the rightful owner of that data - the patient.
A patient cannot be expected to negotiate the complexity to manage scattered bits of private health data unless health information is collated and unified in a simple and easily accessible manner. We can all appreciate how the lack of availability of meaningful health information at the time when it is needed most (e.g. immunization and allergy records, medicating use history) contributes to errors and delayed care. Current market solutions do not provide solutions that address these issues. Actively provisioning for privacy at every step and securely protecting sensitive patient health information through patient driven control mechanisms is not something that is a burning priority lighting up their radar screens anytime soon. For Ondemand healthcare, this was a core premise around which all solutions were designed.
While legal framework is only just beginning to take shape and while it remains our collective opinion that well guided public policies driven by public debate can improve care delivery by increasing access to information while preserving the privacy of information considered sensitive by an individual; it cannot be a pre-condition for righteous action. And though there is little doubt that widespread use of Electronic Health Records has the potential to benefit patients and other stakeholders, lower administrative costs, reduce complexity for those providing care; much work still remains to be done by other Healthcare IT companies to ensure total privacy by patient determined choices.
The tenets of physical, organizational or informational privacy need not be subjugated to an IT enabled trade-off that mandates a servile surrendering of an individuals interests to the larger and more powerful interests of business groups whether through explicit promises or implicitly disguised yet clearly perceived benefit.
Nowadays, groups with as divergent interests as Health Insurers and Health Providers are seeking convergence in health exchanges, data banks, electronic registries, data vaults and Regional Health Information Organizations (RHIO's). Regulation and generous Government grants are making unwilling partners travel together to their preordained destinies of a National Health Information Network (NHIN). Conditions suddenly have now become conducive for the creation of something more than just a "privacy headwind".
Privacy, today is in the eye of a storm. Portability of health data over a network is taking priority. Individual patient rights thus stand threatened to become the sacrificial goat. It is therefore very critical that individuals understand the two divergent views on health record privacy as well as clarify the position that their vendors take on this issue.
To some, privacy means controlling patient's data within their closed environments even if it means disenfranchising the rights of patients through lack of provision for access by patients themselves. A subset of this group even openly advertises the fact that health data of patients will be mined (and sold for profit). Another variant hides behind the mechanism of "cookies" or the fact that "third party access has confidentiality agreements" which would therefore obviate the need for an autopsy of the issue. They have blatant statements in the user agreements that they hope someone will overlook. These statements claim “aggregated information from the Service for marketing” may be disclosed. Users who click "I agree" will be delivering future downstream concerns about privacy that would be dead on arrival. These vendors are so open minded that they even tout their storage in "other country(ies)" as an honor that deserves recognition from audiences worldwide. It is not without reason though. The thought is that downstream in some public court, this statement will somehow magically help their circumventing of HIPAA applicability on US soil and liberate them from direct accountability to their users; if not themselves. There are others who advertise their partnering or acceptance of "oversight" by external agencies. Sounds wonderful, doesn't it? Except for the fact that these "overseeing" partners would also need oversight - from the little guys - the patients to whom this data belongs in the first place!
To others, like us, privacy was a moral and ethical principle that could not be compromised ever. We chose to take the hard road. Ondemand healthcare chooses to spend their energies in educating members on our network, increasing patient awareness, empowering and enabling them to exercise their rights and collaborating with them in ways that will contribute to the richness of an open and yet hugely secure information infrastructure, one built on the flames- not ashes of privacy.
Just as physicians, patients too need their health information to be available to them when they need it. Their right to choose whether they consent or refuse, whether they elect to participate or not needs to be respected and embraced. Healthcare IT organizations today, therefore, need to embody privacy concepts within the framework of a patients right to self determination as part of their corporate mantra; like Ondemand healthcare has. Only then, can they lead the path with healthcare solutions that mirror these patient needs and develop novel methods and applications that comprehensively achieve such goals for their customers. Investments in valiant efforts like these will eventually serve to create the building blocks for highly secure information infrastructures built on trust and respect for patient's rights.
:- Sandeep Jain, MD
Copyright 2008. SOWSIA Healthcare Solutions, Inc. All rights reserved. (blog@sowsia.com) www.sowsia.com
Comments