Every day millions of Americans and billions of people around the globe are routinely accepting colorful pieces of paper in return for their labor and placing those hard earned possessions in modern glass buildings whose owners they do not know. It took a few hundred years to change how business transactions are conducted, but today, there is very little apprehension about depositing one’s wealth in a bank. Public trust in both the government issued paper and the financial institution’s ability to safely store the increasingly virtual representation of buying power had to be painstakingly created and watchfully maintained.
When people, for one reason or another, lose trust in government paper or banks, the entire financial system fails miserably. Public trust is a prerequisite to any national monetary system and public trust is a very delicate thing. Nations create laws and regulations around financial institutions specifically aimed at building public trust.
People have to trust that paper and its virtual counterpart can be exchanged for goods and they need to trust that banks, while safely storing their funds, will always make them available to their rightful owner on demand. Banks have a legal and fiduciary responsibility to take good care of your possessions, thus very few folks feel the need to store their family jewels in a strong box under their floor boards.
The fast approaching era of Health Information Technology (HIT) raises the same dilemma faced by our forefathers trying to decide if they should take their gold coins to the bank, or stuff them in a secret compartment of their jacket, or maybe bury them under the cowshed. We need to decide if we want to make our Electronic Health Record (EHR) part of a Health Information Exchange (HIE), or carry them with us on a USB stick, or just leave them locked up in our doctor’s office. There are obvious benefits and risks to each approach.
As long as banks were easily robbed on a daily basis, and as long as nobody guaranteed that your money was safe in a bank, and as long as you didn’t travel much, the cowshed was the best option. For the frequent traveler, the lovingly sown secret pocket was the optimal choice. When bank robberies disappeared from our daily experience and boats, railroads, automobiles and eventually airplanes transformed us all into a society of modern nomads, banks became the most practical choice, particularly since government insured our deposits were safe. Having a critical mass of citizens elect to store their wealth in banks allowed the economy to flourish. Millions of small personal fortunes aggregated together served as the engine by which banks fueled growth of businesses, which in turn created more and better paying jobs and ultimately added much value to those disparate small personal fortunes. Everybody benefited.
In 21st century America, most of us travel and change residence frequently. It would be nice to have our medical records be as portable as we are. Most of us use computers every day and couldn’t imagine life without the Internet. We also recognize the benefits of aggregating millions of data points to bring about more medical knowledge, better research and ultimately better health outcomes for everybody. So why is it that most people surveyed are as uncomfortable with EHR and HIE as Farmer John was with banks two hundred years ago?
In Health Care today we are at the “daily bank robbery” stage. It seems that every day another laptop loaded with clinical data is stolen, or a hospital computer system is breached. On top of that there is very little government assurance (HIPAA) that those holding our medical records should act responsibly and not use our personal records for “getting rich quickly” schemes while possibly inconveniencing, or even harming, us in the process. So before Farmer John can bring himself to deposit his medical records with an HIE, he needs evidence that not every fifteen year old with a gun (hacker) can easily avail himself of any records he chooses to have. Security of electronic medical information must be of Fort Knox quality. This is not currently the case when all sorts of unencrypted laptops and portable storage devices are floating around in employees’ cars and homes, and most hospitals and clinics have nothing in place even remotely resembling the security of financial systems.
When you deposit your valuables in a bank safety deposit box, banks are prohibited from peeking into your box, making lists of your possessions and sharing that information, unless required by law. When it comes to medical records, aggregators may hire a person familiar with statistics to attest that sufficient data elements were removed from personal records before a sale of information takes place, so only a “very small” risk of identifying the owner remains (HIPAA § 164.514), and there is no requirement for public disclosure of these shady transactions. EHR data sets are very rich with personal, not just medical, information and are worth many billions of dollars. Selling records to marketers, employers, “wellness companies”, insurers, pharmaceutical and device corporations should be explicitly prohibited by enforceable legislation. Aggregators of medical records should be allowed to modestly profit from supplying data to non-profit research institutions, and just like banks pay interest to those facilitating bank profits, medical records aggregators should share profits with Farmer John, either directly or by reimbursing providers for electronic data collection. And no, free software is not nearly enough compensation. Furthermore, any and all dealings and data exchanges should be fully transparent to the customer who chooses to deposit records with a particular aggregator. If Farmer John does not approve of an HIE’s policies and transactions, he should have the ability to take his medical records elsewhere. We need to know that our records are properly guarded and that we are the ultimate decision makers when it comes to their utilization. Public trust will follow.
Trust is not built in a day and trust is not created in complete darkness and trust will not come about without concrete evidence that trust is possible. Asking people to trust their life records to an unnamed chain of software vendors operating with no legally enforceable regulations, while the headline news are chockfull of medical records robbery announcements, is very similar to Jesse James requesting Farmer John to deposit his life savings at the rickety bank he is about to rob. Talk is cheap and Americans are smarter than that. Like Jesse James, I am from Missouri, so “Show Me” trustworthy conduct and I will trust.
Categories: Uncategorized
I was not talking about minority kids, since I know you have a “soft” spot in that area. I was talking about all kids whose education you are paying for even if you don’t have kids, or they are all grown now.
Of course Amex wants you to pay your bills, just like you want me to pay my premium. Amex is not hounding you though to consume less, or herding you forcefully into venues most profitable to Amex.
I’ll take a wild guess here and say that would be very different if you received your credit card from your employer who would be withholding part of your wages to pay for your purchases.
I agree it would be nice to have choices in electricity and sewer service, but that’s a bit tricky from an infrastructure perspective. I don’t see a problem with regulating the minimum basic service while allowing extra services to compete freely.
I should warn you Margalit CNN and I are in cahots to discredit you.
http://www.cnn.com/2010/TECH/innovation/08/09/smart.grid/index.html?hpt=C1
Experts on the nation’s electricity system point to a frighteningly steep increase in non-disaster-related outages affecting at least 50,000 consumers.
During the past two decades, such blackouts have increased 124 percent — up from 41 blackouts between 1991 and 1995, to 92 between 2001 and 2005, according to research at the University of Minnesota.
In the most recently analyzed data available, utilities reported 36 such outages in 2006 alone.
“It’s hard to imagine how anyone could believe that — in the United States — we should learn to cope with blackouts,” said University of Minnesota Professor Massoud Amin, a leading expert on the U.S. electricity grid.
There is the key, learn to cope, if we would just learn to accept subpar healthcare then we can say our new Medicaid system is acceptable and good, like the british do.
“That’s how enlightened societies work.”
So paying minority kids to get knocked up and have kids is enlightended now? Sustainable socities have parents that support their kids, not communities like one of your dear leaders believes.
“You do have a negotiated price though. That’s one of the services we’re paying you for – group purchasing.”
Which has nothing to do with cutting the check so I don’t see where you have a point? By your thinking my amex card which gets me all sorts of discounts should not require me to pay my bill monthly they should go after those who I shop at to control my spending? Your grasping.
“Works pretty good where I live and uniformly well elsewhere, which is more than I can say for health care.”
Again you lost the factual battle so your trying to get subjective. Who is your choice of water and power that has been fostered by a “solid” regualtory enviroment? There is far more competition in health insurance then utilities. I know for a fact people in Cleveland are happier with their health insurance then their water company. Personally I love rolling brown outs when I lived in CA and now in NV when its 110 out. Nothing like having your AC out for half an hour becuase they can’t deliver.
“Put that on the back of your T-shirts and send me one.”
its to wordy, we could have free the bytes on the front and a byte monster behind bars on the front, can anyone draw a bite monster? And no uber nerds with a 1 & 0 metaphorical representation, while funny binery code jokes are lost on the majority of the public
“Sick people are spending someone else’s wages.”
Yes they do. And children spend someone else’s tax contributions too. That’s how enlightened societies work.
“I/insurance don’t have a contract for payment with the provider”
You do have a negotiated price though. That’s one of the services we’re paying you for – group purchasing.
“Like with electricity, water, phone, cable, trash, etc etc etc.”
Works pretty good where I live and uniformly well elsewhere, which is more than I can say for health care.
“So you oppose HCR and Obama’s demand to know if and from whom I purchase insurance, what type of benefits I buy, and how much I pay for it?”
They know that already…. from the Free Bytes.
Seriously now, I have my reservations regarding the wisdom of the individual mandate.
“Free the Bytes! I’m printing t-shirts as I type”
Yes, Free the Bytes, by all means. Just make sure you lock up the Byte molesters first so the little Bytes can be truly free.
Put that on the back of your T-shirts and send me one.
“Whatever they spend on benefits is in lieu of wages.”
Sick people are spending someone else’s wages. The need to control people spending other peoples money stands.
” Put pressure on those you pay out to, not those who pay you for services.”
Legally and philosphically almost all benefits are paid out to the policy holder. Via assignment of benefits the policy holder ask the check instead be sent to the provider. I/insurance don’t have a contract for payment with the provider, our ocntract is with the member and thus they are really the only one we can pressure.
“If you take the employer out of the equation and put some solid regulations in place we can have real competition on value, service, quality, etc.”
Like with electricity, water, phone, cable, trash, etc etc etc. I can’t think of any time “solid” regualtion has fostered real competition. In fact “solid” regualtion almost guarantees a lack of competition as politicians then sell influence. Current example, change carriers lose your grandfathere status, how is that fostering competition?
“Privacy is a right and I don’t like slighting basic rights in favor of efficiency, security, morality or whatever else comes up periodically.”
So you oppose HCR and Obama’s demand to know if and from whom I purchase insurance, what type of benefits I buy, and how much I pay for it? Would love to see your opinion on the progressive income tax, cause obviously it is no ones business how much money I make, how I make it, how much I give to charity, and so on and so on….right?
Free the Bytes! I’m printing t-shirts as I type
incohate, I fully appreciate the value of aggregated medical records and that is why I would like to see proper regulations in place. People will not participate if they cannot be assured that the level of confidentiality they came to expect in a doctor’s office can be maintained while aggregating data. For good reason or just subjective embarrassment, people prefer to keep certain things to themselves and they should have the right to do so.
Also, I don’t see what exactly gives software vendors ownership rights to the bytes and bits they are storing. It is possible that providers have legal “ownership” of the actual records created by them, but software or hardware vendors most certainly do not.
ciphertext, I think the “ownership” issue is a bit more complex than usual. The provider’s ownership translates into the fact that a patient cannot walk into a clinic and physically remove the records. However, the provider’s ownership is restricted by the requirement that any disclosure of the contents must be authorized by the patient. It is this latter issue that needs to be addressed.
I don’t think there is any contention between provider and patient other than making the contents readily available. It is all those intermediaries and business partners which now handle electronic records that must be policed.
As to Google, even if they don’t actually ship out information, they are perfectly positioned to do all the marketing themselves. The more data you give them, the more targeted their ads become and the bigger their revenues. I’m not sure what their software plans are, but Google is the ultimate advertising machine and advertising needs data to be successful.
“an art gallery where your entire collection is now sitting on display while the bank CEO is collecting $50 entrance fees from any interested passer by”
The analogy is accurate.
Regarding Google’s intentions, who knows? Likely Google executives do not even know at this stage.
Also it should be noted that Google is not the savior of the world in regard to software. The company has created wonderfully useful software, almost entirely by using FOSS software and of course by exploiting the many virtues of networking in ways that other commercial enterprises have not. Its business paradigm is almost the complete opposite of Microsoft’s for example.
That Google makes a massive amount of money through click advertising is not a virtue in my eyes however, although at least the revenue is not dependent upon monopoly positioning as Microsoft’s has traditionally been.
Nate, insurers don’t pay “the bill”. People pay the bill. Insurers only manage the pass-through process while extracting a nice profit from the entire thing. Employers don’t pay the bill either. Whatever they spend on benefits is in lieu of wages.
All that said, I agree that in return for profit taken, insurers should make an effort to keep costs down on behalf of their customers. However, that should not be accomplished by terrorizing the customer. Put pressure on those you pay out to, not those who pay you for services.
Part of the problem here is that consumers have no power to police insurers since they do not purchase policies directly. If you take the employer out of the equation and put some solid regulations in place we can have real competition on value, service, quality, etc.
I’m glad employers are afraid to look at claim data. They have no business looking at it. This entire arrangement is wrong on every level.
Privacy is a right and I don’t like slighting basic rights in favor of efficiency, security, morality or whatever else comes up periodically. It’s not worth it in the long run.
“while I certainly don’t want Nate to have any of my personally identifiable data ;-),”
Its to late for that…so about that test you had last march, how did you get that exactly????? Some nice comments about me and the WWW will never know….
” it could be inferred, and it currently is, from the ICD9s on the claim.”
How do you audit the providers coding? Medicare’s biggest problem now is they trust providers to bill honestly and it has failed terribly.
“This is a responsibility to be shared between doctors and patients only.”
Like above this has been tried and failed terribly. Under our current system and more so under HCR neither the provider nor the patient have financial responsibility. HCR makes the sitution even worse. If neither patient or doctor take responsibility then who does and how do they do it with 2 hands tied behind their back? The person paying the bill should always be allowed to see what they are paying for.
” Insurers, including CMS, can establish policies to encourage wellness, but I don’t think they should be in the business of watching my vital signs.”
A person that refuses to monitor their vital signs or take care of themselves should not pay the same for healthcare as a person that does. How do you reconsile this with your proposed system or do you not believe that people should pay based on the risk they provide? If that is the case I wish you ran a restraunt, all you can eat filet and lobster for hamburger prices. Tax payors can only afford that for so long….say 1965 to 2023 long roughly.
“Self-funding employers already quake at the possibility of being found using an individual’s data to make decisions adverse to that individual, without that individual’s express consent;”
Not very funny reality…yesterday I had a meeting with a new client, they just went with us 3 months and we meet to go over their first batch of claims data. Giant Eagle started a new program to give away free diabetic meds. So I had our PBM query our short claims history and run me a report of those individuals taking one of these now free drugs. So I pull out copies of the report and no one wants one. Here we are trying to save some free money and HIPAA has everyone scared, they where all decision makers and entitled to the data but the myth of how evil companies misuse such info and the government waiting to send me to HIPAA island to rote scares people away from taking meaningful action. Finally we decided I’ll write a letter to each person, seal it in an envelope and they will hand them out. Efficently running a plan shouldn’t be that hard.
“while the bank CEO is collecting $50 entrance fees from any interested passer by.”
This would really piss me off! He should be able to get atleast $100 to $150, my collection of abstract art from pretty much talentless artist is unrivaled in my local banks value.
Margalit,
From Google’s Privacy Policy Page:
sourceI’ve extracted the most interesting points (to me anyway).
I would speculate that Google’s business model with regards to the health records would follow one, all, or a combination of these scenarios.They (Google) most likely are positioning themselves as becoming a national scale HIE or clearinghouse.The storage of your health information provides a “hook” or outlet to market other related services to you and the medical professional whom you provide access to your records.Google may wish to enter the EHR/EMR/PMR/(other related acronym) software business. It would be a great selling point to say that you already maintain health records. It would also be a good selling point for demonstrating expertise for developing open standards (think W3C, IEEE, etc…) for health data interchange.I believe that in most states the physician (or business/practice/hospital) that generated the records has ownership to the records. I provide the following information as support. It’s an article from Kate Jackson that appeared in “For The Record” in 2005. It quotes Bill Spratt, the healthcare partner at Kirkpatrick & Lockhart Nicholson Graham as saying the following:
ciphertext,
Just curious, what do you think the Google Health business model is?
Providers don’t “own” the data in the sense that they own a car or a building. They have to maintain copies of the data for legal purposes, but the actual content, the patient story, is only held in trust by the doctor subject to an ethical and legal obligation to maintain confidentiality.
This is not ownership in the sense that the doctor is free to conduct transactions with said data.
The problem with EHRs is that now there is a third party involved, the vendor, who is performing the task of physically storing the data on behalf of the doctor. I am of the opinion that vendors should only act as an extension of the physician, and not be allowed any liberties of disclosure independent of the original trust based relationship between patient and doctor.
For some reason, vendors maintaining physicians’ medical records repositories, seem to think that the contents of those increasingly large databases, somehow belong to them even if the actual database resides in the doctor’s office. It is similar to a paper products vendor demanding access to all the charts in your office just because he sold you the paper goods.
If you want a better analogy than money, suppose that you just stored your valuable (or not) art collection in a bank vault, and suppose that a few days later you walk by an art gallery where your entire collection is now sitting on display while the bank CEO is collecting $50 entrance fees from any interested passer by.
Margalit, while I certainly don’t want Nate to have any of my personally identifiable data ;-), I do agree with him that you may have fallen into the same misguided thinking about the risks – when stacked against the benefits – of more “interconnectable” health data that marks logic of the mostly unreasoning tribes he alludes to.
Health records are quite like telephones, in that individual units have almost no value; they gain value with each unit added to the network.
Self-funding employers already quake at the possibility of being found using an individual’s data to make decisions adverse to that individual, without that individual’s express consent; can you imagine a jury that would not help a party so aggrieved to dig painfully deep into the offending employer’s pockets?
So they don’t do it. Their principal and almost exclusive interest in health treatment data is its value in aggregate.
There are certainly risks involved in connecting to the network(s), but they are also almost always outweighed by the potential benefits.
Nate, most of your examples can be accommodated by pre-aggregated data (number of referral to a particular specialist, percent of imaging tests ordered for a particular Dx, etc.).
As to severity, I have my reservations regarding this particular CMS concept, but it could be inferred, and it currently is, from the ICD9s on the claim. Complexity of decision making, which is another factor for increasing the CPT level, will not become apparent without a chart audit anyway.
If insurers are barred from exclusion of pre-existing conditions and from disclosure of information and from selling of information, I don’t see a problem with allowing them access to a de-identified, limited data set, centralized repository, particularly if they have very little freedom in raising premiums.
As to compliance and other personal factors, as you know, I don’t see the insurer, or employer, as being in charge of one’s actual health care. This is a responsibility to be shared between doctors and patients only. Insurers, including CMS, can establish policies to encourage wellness, but I don’t think they should be in the business of watching my vital signs.
“Why should the doctor have ownership rights to that data?”
They are liable for the decisions they made that were based in large part on that data. How does a doctor defend himnself in regards to ordering or not ordering a test if we is not allowed to retain the information he used to make that decision?
There are also numerous Federal and State regualtions that require they keep such data I beleive. The largest offender of selling personal information is the government, state and federal sell far more personal info then anyone else.
“They will not share it nor will they provide access to it except to those that you have explicitly directed have access.”
Cops or government comes knocking an ddemands the info you think they won’t give it up?
“Why would they want to part with control of that data?”
Most providers and insurers are doing the right thing. If you offered a better database with more data and more detail I think a number of these would sign on.
I have long suggested a single national clearing house for medical claims akin to the Fed for ACHs. There are some real tangible benefits to access of data.
Other marketing organizations should not be even able to contemplate legally obtaining such data.
I wont disagree that marketing firms should not be able to access any of this data then bombbard us with solicitations. But take the baby out before you throw away the bath water. I can think of dozens of other firms that aren’t marketing that benefit from this data in legit ways that in no way harm the patient.
Fraud, with 5-10% of the market it is hard to spot trends. If someone mines data on 80% of the market they can notice doctor A refers a lot of patients to shrink B, who then treats X% of cops who receive disability pay on top of their pension. I don’t need to know the names of the cops but by seeing the referal patern between Doctor A and Shrink B I can identify fraud and abuse.
If 60% of Doctor A’s, new doc A, patients have follow up X rays or lab test or what ever compared to an average of 30% for all other doctors, wouldn’t it be nice to be able to target these patients?
This would be another example where the comparison of health records to something akin to “money” doesn’t work as well as hoped. Certainly, the doctor has been “tapped” for their skills and remunerated accordingly. I suppose another question would be “Why should the doctor have ownership rights to that data?” As it stands today, the physician (or business) owns the information it generates. Why do you suppose that is the case in most (if not all) states? Indeed, the “implied” contract between most physicians and their patients is that there should be payment for services rendered. But why does the M.D. (business) get to keep the data? Probably because there is no formal contract entered between the patient and physician that stipulates the relationship and nature of the work.If we examine other service industries that collect personal data, we see the same pattern. The various credit granting agencies all maintain records of your use of that credit. They must, as GAAP and various financial regulations enacted by Congress, the S.E.C., and state regulatory authorities require that they keep adequate and exact accounting of their debits and credits. Certainly this is true of a physician’s practice as a business. However, they also maintain medical information which are subjected to a different set of rules and regulations. In both cases (financial and medical), the aggregated data is the property of the physician.
True enough. But at least in the case of Google, you own that data. They will not share it nor will they provide access to it except to those that you have explicitly directed have access. You are even able to filter to what components of the data those persons have access. I think the real questions people should contemplate are this:Who owns the data?Who decides upon the access to that data?Who decides upon the use of that data?I believe that HIE’s already exist within the confines of hospital, insurance, and provider networks. Why would they want to part with control of that data?
if I am a healthplan, insurance company, or some other entity that is paying individual’s healthcare bills do I not have the right to know who the non compliant diabetics are for example? Or smokers? How do we control cost if we are denied all the info to identify that which causes the cost?
If you don’t want your info shared then pay for your own care. Cash doesn’t create any records.
what are these shadier reasons you think exist or could exist? Curious if they are real or just liberal myths. There are obviously people out there who think when you apply for insurance evil insurance companies call up some secert data base and find out your personal info including what you had for lunch and how often you have sex with your wife. Basing legislation on the worped perspective of these wackjobs seems a sure fire receipte for failure. Existing HIPAA is already over written and hinders legit business becuase it was written to address myths.
What do you think of payment modifers based on severity? Many providers would argue they should be paid more for more sever cases, if you can’t substantiate the severity of the case how do you justify extra compensation?
Medical homes are suppose to solve most of our problems, shouldn’t a PCP treating someone with high BP, bad cholesteral, and a family history of this and that be paid more then someone treating a healthy individual with no significant family history?
Most of the abuses people are screaming about are imagined. The very real damage denying access to needed information causes has already been shown.
Nate, you bring up an important distinction between patient data and doctor, or enterprise data. Aggregated statistical data, or metrics, such as number of patients with Diabetes, or number of patients over 65 who had flu shots, etc. is in my opinion the property of the provider and can be shared with other agencies without explicit permission from patients.
However, disaggregated full medical records de-identified or not, are, or should be, the property of the patient. Something like Patient XX’s longitudinal history of problems and treatments, complete with Social history and Family history does not belong to the provider. On top of that de-identification, per HIPAA, to the point where the record cannot be reidentified, renders most data useless. Hiring some statistician to attest that the risk is “very small”, while retaining some identifiers, doesn’t sound too convincing to me.
I think that for your purposes of assessing costs of providers, pre-aggregated data should suffice. For the other shadier reasons a payer may have, you would need full medical records and I don’t think payers should have an automatic right to those. Other marketing organizations should not be even able to contemplate legally obtaining such data.
“No, we have a “health payment system” in which those who are healthy, haven’t gotten cancer, or don’t have asthma, or haven’t fallen out of a tree lately, are NOT punished by dire financial pressures.”
You ignoring the 60% of the population that have group insurance where the person with cancer and asthma is charged the same rate as their co-worker who is perfectly healthy? Other then that great drabble for the 5 million people out of 300 million your rant applies to.
“The only advantaged in this “system” are those who collect the passing money and data.”
A course or two in economics would also serve you well. Rural facilities and small ones in general could not handle the unknown revenue rollercoaster present without insurance. Specifically to the aggregation and selling of data it serves the market as a whole to smooth out projections. By aggreating data from the enrire market actuaries are better able to estimate cost and trends. We also use such data aggreagtion to demand deeper discounts, if I know the hospital across the street is doing the same number of surgeries with the same outcomes and making 20% less I can use that to drive down the price, something that directly benifts the patient you claim is being used.
FYI Rob caring doesn’t pay your student loan or mortgage.
Why does a doctor who performs a service not have equal ownership to this recording of that event as the individual who received the service. If I ask a doctor how many patients he saw today are you claiming he shouldn’t be allowed to answer that without getting a release from everyone of those patients? Of course not, that is absord, I hope you see that. So the quesiton is not if others should be entitled to this info but to how much. Once you stop with the hyperbole most people agree data scrubbed of personal identifiers is fair. The provider has just as much right to that informaiton as the patient and if they wish to sell it so be it.
Lovely analogy. Thank you!
Dr. Techner, you bring up a totally different “trust” issue, which I agree, must be addressed, and the sooner the better. There were some suggestions of requiring EHR vendors to add a “Report” button to their software to enable users to report issues and bugs right from the application. I would love to see that, particularly if the report would go directly to the FDA.
Wendell, I completely agree with your proposition. we need to remember that the collection of data is yet another leak of money out of our collective health care pot. According to a recent PwC report, he immediate costs of implementing HIT will more than likely be passed down to the consumer. It is only fair to require that the profits from data collection should be returned to the system.
Rob, on top of the issues you mention, we do also see multiple security breaches and the daily headlines do nothing to foster “trust” in a system where personal health data is routinely sitting unencrypted on portable devices, some of them employee’s private devices.
ciphertext, I think the reason to want data in an HIE is the high availability which a USB stick does not have (you may forget it at home, it may be lost in an accident, locked in a car…when you need it most).
Storing your records in Google or Microsoft is no different than an HIE. Perhaps the vendor is different (not necessarily though), but the problem is the same.
I believe there is a major incentive to “invest” in an HIE (the loose term, not necessarily the current incarnation). When you invest money, your returns are monetary. When you “invest” your health records, your return should be better care, better research and better medicine in the long term.
This is why, in my opinion, we must get this right and remove the predatory elements from the system.
The analogy is flawed in several respects. One, and the most “unrecoverable”, would be that of medical records ownership. Assuming that the money in a person’s bank account isn’t sourced from a loan (or other credit vehicle), nor stolen; private property rights afford ownership of that money to the persons named on the account. This isn’t so regarding medical records. I cannot be for certain for all states, but the records are owned by the medical professional (or business) that created them. To correct this, the person (patient) would need to be given sole ownership rights to the medical records. This would allow the owner to grant usage rights to medical professionals. Secondly, why would I want to place my medical records into an HIE (not really a bank, so much as a data clearinghouse)? What is my incentive? Why would I not simply carry them around with me as I do cash? I wouldn’t be using, hopefully, my medical records as routinely as I do my cash. I could keep them on an encrypted USB card, Smart Card (like the Hughes GEM Plus), or I wouldn’t have to carry them around at all. I could simply store them in my Google or Microsoft health profiles online. I could simply keep a copy of them in my own safe for that matter and shun online storage altogether. I have no gain investing that information in a data warehouse, as I do with stock investments. I don’t really have an incentive to do anything with my medical records accept to keep them as I would a land deed or some other certificate of ownership for tangible and intangible property.
“n Health Care today we are at the “daily bank robbery” stage. It seems that every day another laptop loaded with clinical data is stolen, or a hospital computer system is breached.”
No it doesn’t. And the reason people don’t trust the “healthcare system” with data isn’t that it will be stolen. It’s that it already HAS been stolen, and will be used to judge the patient, in the future, be persons unknown, as to his/her worthiness to receive payment for care, which is the same thing as care itself. We don’t have a “healthcare system,” which presumably is focused on providing medical care to those who need it, using industrial efficiencies of scale – something which is arguably good or bad.
No, we have a “health payment system” in which those who are healthy, haven’t gotten cancer, or don’t have asthma, or haven’t fallen out of a tree lately, are NOT punished by dire financial pressures. The only advantaged in this “system” are those who collect the passing money and data.
Please don’t pretend this is an issue of data security. The data is owned by organizations who want to use it only to their financial advantage. It’s already stolen. It’s already cash to someone.
We’re being had.
Medical data sharing will come of age when it is, truly, a matter of medicine and there is no financial element to it. No proof of the sin of prior illness, no hint of a scandalous fall from a bike when we were 8. Only scientific and historical data aimed only at the practice of medicine, not banking.
I know this sound simplistic to the cynical among us. That’s because it is simple. It is finance that is making the subject complicated. It is the not-so-hidden agenda in the hearts of industry “leaders.”
And really, that’s the trouble with a lot of things. Really caring for someone has not advantage at all, except to the person caring, who knows it’s right and that the world isn’t quite as harsh as we are led to believe.
“Aggregators of medical records should be allowed to modestly profit from supplying data to non-profit research institutions, and just like banks pay interest to those facilitating bank profits, medical records aggregators should share profits with Farmer John”
This of course does not happen now with the sale of data from prescription purchases to drug marketers/manufacturers. The public of course has no clue about this: that their personal data are being aggregated and sold for income to other parties.
The marginal cost of data aggregation is minimal, so a very nominal fee to cover the incremental cost of providing the aggregated data for research purposes is all that is required.
Sale to profit-oriented entities should be banned. The data can be obtained from the research entities – paid for if need be, but at least the contribution of the public of the original data redounds to the public in the form of funding for research.
Great post. Not only is there distrust in the vendors and “businesses” protecting patient privacy;
but there is distrust by physicians and nurses of the HIT devices to provide the right care to the right patient at the right time. The mistakes promoted by these systems of care are leaking out and are pervasive and extensive.
All readers of this blog could help improve the trust for these devices by reporting all adverse events so associated to MedWatch of the FDA. It is still listing them and dealing with them.