So it’s time for a little rant about everyone’s favorite privacy advocate, and the way she gets treated in the press—including by people who should know better (yes, I mean you, Inga at HERTalk, even though I am your favorite booth babe). I won’t overdo my previous statements about the illogical inconsistencies of Peel’s positions, and more to the point the utter one-sidedness of the utility of only caring about privacy breeches and nothing else. But it is time to remind everyone who’s rational and who’s the fruit loop.
Three different articles in recent days brought this up. Xconomy (the TechCrunch of Boston) had a long article about new “ich bin keine blogger” and modern linguist Jonathan Bush (CEO, athenahealth). In a good article, mostly about how athenahealth was spending more money on marketing and therefore making lower profits, Ryan McBride had a throwaway para at the end about a new athenahealth (still-under-wraps-and-likely-to-stay-there-for-a-while) product called athenacommunity. Here’s the offending para (and note that McBride annoys the athena PR gods by using a capital A when the name is lowercase!):
Athena might be able to halve the amount that physicians pay to use its EHR if they participate in what is now a nascent effort at the company called “AthenaCommunity.” Athena’s EHR customers who opt to share their patients’ data with other providers would pay a discounted rate to use Athena’s health record software. Athena would be able to make money with the patient data by charging, say, a hospital a small fee to access a patient’s insurance and medical information from Athena’s network. For a hospital’s part, this might be cheaper than paying its own staff to gather a patient’s information through standard intake procedures. Hallock, Athena’s spokesman, says the community is in development and is slated to launch later this year
Inga at HERTalk spied an opportunity to get Deb Peel some rant time. And based on that one snippet Peel went off:
This is an ABSOLUTE nightmare—it TOTALLY violates medical ethics and the patients’ rights to privacy — not to speak of Americans’ well-known constitutional rights to privacy. Physicians who go along with that could well violate state licensing laws which often require adherence to the AMA’s principles of Medical Ethics, as well as violate many state laws that REQUIRE informed consent for disclosures of many kinds of information, from genetic tests, to mental health information, to STDs, to addiction treatment information. athena and all the many vendors who coerce doctors to disclose patient health information without consent will have NO liability. Who do you think the patients will sue for violating their privacy? Their doctor, of course, who chose to use an illegal, unethical EHR system. athena will not pay for this massive privacy disaster —their doctor/users will.
Now the reader who hasn’t been overdoing the amphetamines might have read the Xconomy article as suggesting that athenahealth was going to be providing a service creating interoperability between a doctor and a hospital on a different EMR system. Err…isn’t the government spending $34 billion because it thinks interoperability will, just perhaps, improve efficiency, care quality and consumer happiness? Wouldn’t per chance it be better for a patient if, for example, the lab result that their doctor had seen was already there when they went to the local hospital and saw a different doctor? Wouldn’t it be easier for them not to have to fill out the clipboard and have their paper insurance card photocopied yet again? Errr…isn’t that what’s already happens in either integrated systems like Kaiser Permanente or communities with decent data sharing already in places like Indiana and Utah? Isn’t it possible that athenahealth is just trying to imitate that in communities where it has a decent footprint? What exactly does that have to do with violating medical ethics? And aren’t the guys at athena—who apparently know a lawyer or two—smart enough to make sure that data prevented by law from being shared without prior consent won’t be shared?
But apparently that screed of illogical bullshit from Peel is ok because she’s a “guru” according to Inga. It actually gets worse with Peel penning a longer piece later all about how athenahealth is going to be selling the most intimate of patients’ medical secrets to blackmailers and perverts. Luckily HISTalk published a counterpoint immediately after it by Truth Seeker basically stating the obvious—that this is about local information exchange to improve efficiency and patient outcomes. But it doesn’t really excuse Tim & Inga for letting Peel spout off. And for that matter, it doesn’t excuse Microsoft for kowtowing to her when they launched Healthvault.
Of course athenahealth then had to make poor Derek Hedges (SVP for Product Strategy) publish a worthy (and slightly dull) piece explaining the blindingly obvious about what their new service is doing:
….designed to simplify clinical data exchange between physicians and other health care participants in a way that empowers primary care physicians to truly care for their patients by ensuring that appropriate clinical and administrative data is routed to downstream trading partners without undue effort on the part of their staff. As a service organization, athenahealth will take on the majority of work (e.g., compilation of key insurance and demographic data, including pre-authorizations) related to generating and processing a clean order.
So they’re going to transfer the clean information over to either the physician or hospital that gets the referred patient (and BTW follow up with the patient to make sure they went and had the referred appointment) and then report this all back to the primary care doc. This will save money and improve the care process all round, and athenahealth will get a cut from the hospital—some of which they’ll use to make their service to their doctor client cheaper.
Funnily enough the real proof of how this helps a patient, despite Peel’s squeals, came in a Steve Lohr NYTimes article in which Jonathan Bush, this time speaking English, had a minor go at the Falcon-toting princes in DC who are giving his company and many of its rivals $34 billions in stimulus money. (Despite Bush’s cracks about the stimulus program, he’s basically OK that it’s being given out for use, not hardware—but he still calls it cash-for-clunkers!). But the article is pretty ho-hum.
The comments, though, are fascinating:
Comment 1 is from Betty C in CA channeling Deb Peel and seems to be unaware of HIPAA or other laws on the books.
What about privacy. For a few bucks, an internet vendor will sell someone your credit report, today. Tomorrow, they will be selling your medical information for the same price.
Comment 3 from BrentMike in CA also channeling Deb Peel is factually wrong or at least soon will be. He apparently had missed the Times’ extensive coverage of the recent health care debate:
Electronic Health Care Records enable Heathcare (SIC) Insurers to better discriminate against people with expensive conditions. And the fear of this happening is quite well-founded, by the way. That’s why most people are dead-set against this.
And then we come to comment 4 from (gasp) a patient who actually has used an EMR:
…I do find as a member of Kaiser Permanente in Northern California that electronic management of all aspects of health care (including appointments, test results, email to and from health providers, and so forth) saves patients an enormous amount of wear and tear. <SNIP> …it induces culture shock when one of my PPO-subscribing friends complains about how long it took to get test results, how many calls had to made to a provider, or how many visits were made to answer one question. If the feds could get it right, they might discover a big increase in happy consumers of health care.
And there you have it. Do we want happy patients who experience the benefits of good information use? If so we have to figure out some way of moving data between those 80% of providers who are not in Kaiser, Group Health or Mayo. athenacommunity may be one way of doing it.
Or do we just want to let Deb Peel shoot her mouth off.
Categories: Uncategorized
Re: “Happy Matt-agrees-with-Nate Day!” So, doomsday skipped two years and we’re ushering in the day when the lion will indeed lie down with the lamb (you decide who’s who).
Seriously, while I’d like more specifics on the athenaCommunity before making a judgement call, I do think there are legitimate concerns about sharing patient data. To expand on the points raised by bev M.D. and Margalit, who’s legally responsible for this information in the event of a breach? Nothing in our recent past suggests that any system is 100% secure, or that such an event will escape litigation when it occurs.
Matthew,
There is a middle ground between blanket consent to share PHI and requiring consent for every piece of data when it is moved. I think it should be opt-in and I think people have a right to decide not to share certain things like mental health, reproductive services, STDs, etc. This is a one time decision and should be easy to do electronically if patients have access to a portal or PHR or whatever they want to call it.
Regarding disclosure, I want disclosure for sales of de-identified data. If it’s so innocent, then please let me know about it. I am not aware of a solution to re-identification, other than sentencing re-identifiers to hard labor or having them supply kidneys to sheiks, but if you have information on that I would be curious to learn.
Another thought that keeps bothering me is the Property issue. If the data is the patient’s property (as Health 2.0 proposes and I agree), and is held in trust by providers and their business associates, then how can they go and sell other people’s property? The best case scenario is that with the proprietor’s permission they can broker an aggregate sale, in which case they should collect a commission and remit the bulk of the money to the patient. I understand a chart sells for anywhere between $50 to $500 and you can sell it multiple times. Some folks would probably want the money.
Happy Matt-agrees-with-Nate Day! Should be a national holiday….
Margalit–Other than the shock of having to totally agree with Nate for the fist time ever, I’m puzzled by your first two statements.
1) Patient consent is considered before any data is transferred.
2) Full disclosure is made regarding where the data is going, including where the Hospital is sending it.
Obviously you could write these regulations in practice either way. For #1 I would favor a one time easy to read full disclosure, opt-out, which included telling you that if you opt-out you now have to fill in a form every time you ever hit the health care system and your risk of dying because you’ll be given a drug you are allergic too is now 1 in 3. Oh, and we’ll charge you for the data entry.
Deb Peel (and you) would want the patient (and she told me this directly) to have to opt-in to having any piece of their data moved every time it is moved, and be forced to sign a form saying that the hospital could sell the data to an organ donation site which would have the right to extract their kidney whether they were alive or dead if they were a semi decent match for the Arab shikh who wanted it. (OK, she only told me the first part, but you get my drift).
In the first case I’d get near 100% patient agreement, in case #2 you;d get around 5% and data interaoperability would be dead on the vine. Deb Peel would be happy and the country would be enormously worse off.
It’s clearly obvious what athena is talking about, and they might well be happy to promise not to sell your data secondarily (even deID’d, although that re-IDing problem has also been solved). It’s also clearly obvious that Peel is misrepresenting what they said AKA making shit up.
Let’s take a step back, please.
HIPAA does not cover de-identified data, and HIPAA has a loosely defined clause allowing disclosure of PHI for “Health Care Operations”. Nobody knows what that really means. As Dr. Latanya Sweeney showed multiple times, re-identifying data is pretty much a no brainer.
Michael T. is absolutely correct in his assessment of this tidbit of news, which by the way, is probably just the tip of the iceberg. There will be more.
Also, note that athena’s reaction refers to data exchange “between physicians and other health care participants”, which may include more than just hospitals and other physicians. And nowhere does it say that information will be flowing back to PCPs, so I wouldn’t assume that to be the case.
I don’t have a problem if the hospitals want to speed up interoperability and they offer to pay EHR vendors to develop quick solutions.
In short, I would commend this effort if:
1) Patient consent is considered before any data is transferred.
2) Full disclosure is made regarding where the data is going, including where the Hospital is sending it.
3) Data flows both ways – up to the Hospital and down to physicians.
4) athena commits to both not selling de-identified data on its own, and not receiving kickbacks from the Hospital selling same data.
Maybe Dr. Peel is very zealous in her cause, but I don’t think you can disregard Dr. Sweeney’s warnings due to zealotry. Once this genie is out of the bottle, there’s no way to put it back in.
BTW, ONC and its committees are wrestling with the same issues right now.
WHo is doing the work bev? Transmitting data from one person to another cost money. Transfering data also has huge risk, people aren’t going to take that risk for free.
Lets exam EDI now. Most doctors and hospitals get their EDI for free or a flat rate of next to nothing. This is in place of them paying printing, paper, and postage before. Most clearing houses business model is based on the receiving payor getting charged. Personally I have an issue with paying $0.40 to receive something, that might not even be mine, that use to cost me nothing. The clearing house needs paid by someone though, they have software cost, broadbank cost, programing cost, and liability from HIPAA if data gets misused.
A GP isn’t going to want to pay to push data to a hospital. That cost is currently incured by the hospital. If the GP doesn’t pay thn who covers the cost of the exchange?
Their are countless EMRs someone needs to make sure data comming out of one can be read going into the other. Take the Fed for example, ACH transactions are 100% standardized, people each buy their own ACH software but the fed still charges .07 or what ever it is to facilitate the transaction.
Michael, T where in any of that did it say a right to life optometrist could see you had an abortion? No one was talking about dumping all your medical records into one big folder and sharing it with the world. Specific people would have access to specific data as required to transact business, as clearly outlined in the HIPAA regs. Your taking a problem that isn’t and endicting the whole process.
Matt, I don’t think personal attacks are needed to make your argument? You are right that in 99% of the cases patients want their information to flow from one provider to another but that doesn’t mean they want a private third party to be both hosting and more importantly harvesting it?
Athena is simply trying to position itself as a private HIE alongside the new govt funded ones. I know you aren’t naive,so if drug companies love getting 95% of all prescription data (uploaded daily and harvested by multi-billion dollar firms)now I am quite sure they would pay a fortune for access to this data and I am sure that direct to consumer marketing would follow fairly quickly. We already have firms giving docs “free” tablets in their waiting rooms that deliver drug ads to patients based on their presenting problem.
Dr Peel is an psychiatrist not a GP and in her patient population privacy is far more important. Sadly in this country we still don’t have full mental health parity and you can still and will be discriminated in employment and healthcare if you have receive treatment for a neuro-biological disorder like depression.
There are any also a number of situations like the 1 million abortions that occur each year where a patient would feel uncomfortable having their mental health and GYN medical information shared with all of their providers. At Kaiser women often end up opting for care outside of the system for these two classes of care in order to maintain their privacy (Patients at Kaiser – which uses Epic and with MUMPS you can’t block fields can’t opt out of having this in their charts.
Does your right to life optometrist really need to know you had an abortion? Do you patients want their data harvested and sold when we all know it is simple to match de-identified data back to you? Just ask the docs who have to deal with drug reps who combine RX data with the AMA data-base to push new drugs.
So rather then attacking Dr Peel and the population she represents perhaps we can develop new software solutions that do in fact allow you to blind information that the patient doesn’t want shared from other providers.
No Nate, what I was trying to say was, why won’t an open interoperable system simply take the info from the physician’s office EMR and transmit it to the hospital’s EMR, free? Both have paid $$ to purchase their EMR’s, why should a “toll” be extracted by a middleman to access one from the other?
I’m beginning to beleive Matt that maybe I really am an idiot, what are bev and all these people talking about? Unless I lost my ability to read instead of the hospital trying to;
1) Use old insurance info from when the person was in 5 years ago
2) ask an ER or otherwise disposed person for their insurance card
3) try to get the insurance info from staff of the doctor, I won’t comment now on their lack of inteligence or training in Dr office, oops sorry
4) going without insurance info and sending bill to the member
they instead….OMG will look it up on Athenacommunity. That can’t be allowed to happen. That tears at the very fabric of our country.
Do none of these poeple have any idea what acceptable use under HIPAA means? I always wondered why HIPAA was passed in the first place, protection from a lethal threat that never was, now I know. A bunch of nut cases working each other into a frenzy.
Matthew;
I know you are in love with athena (speaking of favoritism), but this athena proposal bothers me for reasons other than privacy. Maybe I am misunderstanding how this will work,but it appears athena wants to be yet another middleman and charge a hospital to collect or access data that the patient/ PCP is now obligated to provide free? And what if multiple athena types arise, so that in any given community,the hospital has to deal with and “interoperate” with multiple different systems and companies to access data on its to-be-admitted patients? Isn’t this just re-creating the current nightmare of multiple different insurance companies with different claim forms,different procedures and different systems?
I don’t think that’s what the feds or the patients envisioned when they wanted an interoperable EMR. In general, I think more middlemen add to the cost of healthcare,not subtract it.