Yesterday, ONC held a fine gathering at the Grand Hyatt in Washington DC. There were experts, ONC Tiger team members and cutting edge technology vendors displaying and discussing platforms and software for providing patients the opportunity to define granular consent to the sharing of their electronic medical records down to a data element level.
Somewhere in the midst of watching that fabulous and very complex technology, it occurred to me that I don’t quite understand why we are discussing all these things. Obviously, we all agree that patients have a right to privacy, and as HIPAA outlines, our medical records ought to be protected from wanton disclosure without our permission. However, the showcased products and the ensuing conversations at the Grand Hyatt were on a completely different level of sophistication.
Physicians have been exchanging patient records since medical records were invented. Today, patients are signing the obligatory HIPAA forms giving health care providers permission for these exchanges, and most doctors use fax, phone, courier (usually the patient) and occasionally secure email to exchange medical records. A typical scenario would be a PCP making a referral – a letter summarizing the problem is usually written, some test results could be attached, a big yellow envelope with some film may be handed to the patient to bring to their specialist appointment. Physicians equipped with EHRs are doing pretty much the same, in a more automated fashion. We do not consider this an invasion of privacy.
It seems that things are about to change. Data, as we all know, yearns to be free, and once computerized, all data will finally become free (literally and figuratively). Instead of having the doctor select the pertinent information to be released based on circumstances and need to know, all our medical data will be available for access by all interested parties. So in our referral example, the specialist would request, or be granted, access to our entire electronic medical record. For most folks, this would be unacceptable. This is where consent comes in.
Newly empowered patients, or consumers, will need to go through their medical records and choose who can see what and under which circumstances they can see it. First we need to locate our medical records, which could be scattered amongst the various providers we see, or according to the best Toyota principles, will be all aggregated in a PHR that we control. So either we log into various Patient Portals, at various institutions, to give our informed consents, or log into our PHR which magically contains our entire medical record. In the latter case, it is not clear what the exact purpose of the consent would be since each provider would retain their own “unconsented” copy of the records.
Assuming I have a computer, and assuming I have access to the internet, and assuming my English is pretty good, and assuming my health care literacy is decent and I don’t have a disability preventing me from working with a computer, and ignoring these minute details, which are surely going to be resolved soon, let’s proceed with consenting. Since we have a specialist appointment coming up, we should decide what the specialist should see. Probably only stuff associated with the reason we’re going to see her for. We can safely check everything else off. Our PCP ordered an MRI, but we would really like the specialist to do her own tests, so let’s check off the MRI too. On second thought the blood tests looked a bit peculiar the first time around, let’s have some new ones, or let’s see what the specialist decides to order on her own. Checked off.
Now we need some general consent policies too. Who should be able to see our genetic information regarding increased risk for breast cancer? Nobody, that’s our own private business and if the insurers find out, we’re toast. Checked off. How about that little episode of depression? Oh, no, that’s nobody’s business either and we’re fine now. Checked off. At this point, all an unauthorized person can see is that we blocked all access to genetic information regarding breast cancer and mental health information. Hopefully it works better than invoking the Fifth Amendment in a court of law.
I understand Electronic Medical Records and wholeheartedly support their adoption. I understand that physicians need to exchange medical data in order to provide care. I understand per incident data exchange and I understand NHIN Direct. I completely understand a patient’s right to obtain a copy of all his/her records and I definitely understand the imperative to protect medical data from profiteering, legal or otherwise.
However, I do not understand the logic of opening up access to the entire medical record just so that patients can go back in and block same access, data element by data element. I also don’t understand the clinical value of a medical record that can be redacted at will without physician knowledge. And most of all, I don’t understand how small rural and underserved clinics, and their equally underserved patients, get to participate in this exquisite technology plan. Will this exercise improve quality of care? Will it reduce costs? Will it reduce disparities?
Margalit Gur-Arie blogs frequently at her website, On Healthcare Technology. She was COO at GenesysMD (Purkinje), an HIT company focusing on web based EHR/PMS and billing services for physicians. Prior to GenesysMD, Margalit was Director of Product Management at Essence/Purkinje and HIT Consultant for SSM Healthcare, a large non-profit hospital organization.