The essence of controlling Ebola is surveillance. To accept surveillance, the population must trust the system responsible for surveillance. That simple fact is as true in Liberia as it is in the US. The problem is that health care surveillance has been privatized and interoperability is at the mercy of commerce.
Today I listened to the JASON Task Force meeting. The two hours were dedicated to a review of their report to be presented next week at a joint HIT Committee Meeting.
The draft report is well worth reading. Today’s discussion was almost exclusively on Recommendations 1 and 6. I can paraphrase the main theme of the discussion as “Interoperability moves at the speed of commerce and the commercial interests are not in any particular hurry – what can we do about it?”
Health information technology in the US is all about commerce. In a market that is wasting $1 Trillion per year in unwarranted and overpriced services, interoperability and transparency are a risk. Public health does not pay the bills for EHR vendors or their hospital customers.
Commerce dictates that patient surveillance should be done by two kinds of institutions, neither of which is accessible to the patient. We have health information exchanges and data brokers. Health information exchanges, be they vendor operated or public, almost without exception, exclude the patient. The same is true of data brokers as has been covered in the work of Patient Privacy Rights . The Data Map shows us a hidden web of health data surveillance designed to keep the wheels of commerce moving with as little visibility and accountability as possible. Involuntary and hidden surveillance is nowhere more evident than in the “patient matching” practiced across the Data Map.
Hidden surveillance for commercial gain leads to mistrust and that in turn chills the public’s willingness to link cell phone data, social contacts, genetics, travel, and family into the health care and public health domain. It’s not so great for medical research either.
Ebola offers us an opportunity to review our health data priorities. Privacy, in the form of Fair Information Practice Principles, must become a national priority and provide all of us with access to our health data before it goes to other institutions, health information exchanges, and data brokers so that we can control secondary use. Patients have a right to be notified of patient matching and to a complete real-time on-line accounting for disclosures. The notices routinely provided by Apple or my bank on key account activity need to become the norm for health IT. We have regulations that separate public health and law enforcement data uses from commercial and research uses. These separation laws must be upgraded for the digital age.
Most important of all, patient health records must be linked to and controlled by the patient rather than some institution. Instead of treating physicians as agents of the institution, health record access must respect the privacy of the physician-patient relationship. Authorized physicians must have direct access to patient records without intermediation by proprietary software and commercial interests. Authorized physicians must be technically able to communicate with other physicians and with public health authorities without institutional interference and side-effects of secondary use. The trust we build will do a world of good.
Adrian Gropper, MD is the CTO of Patient Privacy Rights