State Surveillance Endangers the Affordable Care Act: A Case Study

… and a call to action. This case study is based on my meeting with the Center for Health Information and Analysis (CHIA) in my home state. CHIA is an all payers claims database, a massive collection of diagnoses, locations, dates and prices for all of your health services across all of your providers and insurers. Whether it’s claims or health records, almost every state and many private clearing houses are setting up to monitor you.

Your information can be used by business to manipulate prices for maximum profit, or by you to inform your choice of health insurance plans and health care providers.

Unfortunately, business can get your information but you can’t. This reflects an industry strategy to obstruct the market-based features of the Affordable Care Act. I hope you will take this case study, edit it, and file it with the Attorney General and Governor in your state to ask for your data as a consumer protection issue. That’s what I’m about to do.

My state is #1! Go Massachusetts! My state is #1 in health care costs. It’s also #1 in implementing a health insurance exchange (Romneycare 2006) and a leader in state surveillance with the 2012 cost containment law known as Chapter 224. Chapter 224 mandates various state surveillance mechanisms including a health information exchange that monitors encounters and an all payer claims database called “the center”.

The cost containment law also includes some consumer protections. Line 1909 states:

“To the maximum extent feasible, the center shall also make data available to health care consumers, on a timely basis and in an easily readable and understandable format, data on health care services they have personally received.”

Although the state surveillance is in place, and the price fixing that keeps us #1 is ongoing, the consumer protection part of the law is not implemented. So, I took the opportunity to meet with the executive director of CHIA and their chief legal counsel and get the scoop on why the state is not following the law. To paraphrase their explanation: “It’s too hard.”

The director’s first question to me was: “What are you looking for?” I explained that since the health insurance exchange offers me a range of plans, I need an electronic copy of all my claims to give to my accountant to get his advice on which plan is likely to save me money. The amount at stake is hardly trivial. Judy and I are healthy, pay about $21,000, after taxes, for health care through the state insurance exchange and could easily save $5,000 per year if we made the optimal choice. Heck, I shouldn’t even need an accountant.

The MA Health Insurance Exchange, a state agency itself, could access my claims in CHIA and just tell me what my overall cost would have been for each offered plan.

My first question to the director was: “Why aren’t you implementing the law?” The answer surprised me. CHIA pointed to the words “To the maximum extent feasible” and said they did not have to implement the consumer protection along with the surveillance because it was too hard. So hard, they said, that it might take 5 years to put in place. Why is it so hard? Here’s where the price fixing IT strategy comes in.

Giving me access to my own surveillance records is too hard because the insurance companies that are sending the data to CHIA don’t have to properly identify me so that I can easily prove to CHIA that the records are mine. The insurance company could identify me properly if they wanted to. They give me an ID card that I have to show my doctor. Everyone knows know how to ID me to send me a bill.

My doctor and my insurance company even know how to ID me on-line so they can give me delayed and fragmented information through their patient portals. But when it comes to giving consumers the power to actually compare prices, health insurers and health care providers make sure it’s too hard.

Martha Bebinger, a local public radio reporter, looked into another aspect of the MA law that’s “too hard”. Her story describes slow progress on the consumer’s right to know the price and, heavens-forbid shop, for a health service. Consumer advocates in other states are also starting to scrutinize the role of inaccessible state databases.

The ACA is a pact between advocates of universal coverage and advocates of market-based health reform. Market-based health reform needs price and quality transparency to succeed. Without informed consumer choices, rising costs and suspicion of rationing could overtake the ACA. The problem, it seems, is that consumer protections have no economic or political backing.

Powerful hospitals and insurers have decades of experience in how to keep US prices 30% higher than the rest of the developed world – We’re #1 as a nation too! What tool do consumers have?

Consumer protection is an essential state function. In health care, powerful business interests are using the state to perform hidden surveillance while keeping price transparency or access to our own records via Blue Button Plus always just out of reach. Other examples of their IT strategy include the industry’s call for coercive patient ID practices and their insistence that “accounting of disclosures”, a key unimplemented part of the ten year old HIPAA law, is “not feasible”.

This CHIA case study demonstrates the limits of regulation and $13 Billion of health IT incentives to self-serving corporate interests. Who speaks for the consumer?

Regardless of where you stand on the politics, secret surveillance of your health care by state agencies called All Payer Claims Database and Health Information Exchange seems just plain wrong. Promoting cost and quality transparency is not a partisan issue no matter how you feel about the ACA. Please consider forwarding a version of this post to your state Attorney General, your Governor and your state consumer protection office. State surveillance does not need to be secret.

Ask for your information, online via Blue Button Plus, because it can save you thousands of dollars at the health insurance exchange. Use comments to this post to let us know what they say.

Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.

10 replies »

  1. As usualy, the US has “reinvented the wheel” instead of seeking international systems for inspiration. In order to prevent abuse of patient data, the payor systems have to be an “anonymizing black box” that would 1) protect patient confidentiality, 2) allow aggregate therapy and outcomes data to be analyzed and 3) never allow any individual or group to be targeted through exploitation of such data. In France, for example, payments are made through autonomous, but publicly funded, clearing houses called “Caisses Primaires d’Assurance Maladie”. It took generations of concertation and tweaking to get the process and systems in place but the principle idea was to guarantee the confidentiality of patients while still being able to exploit useful clinical data.

  2. Vince, I think I am on the same side as the folks who run the state databases and I’ve invited them to join my appeal to the AG. The reason it’s “too hard” is not under their control. If they get unreliable patient ID information, they have no easy way to provide automated Blue Button Plus access by the citizen. This is not a problem we can fix downstream of the “providers” and “payers”.

    My strategy in appealing to law enforcement is to cause the sources of data to identify the patient accurately and in a way that allows the databases to provide on-line access. As I noted in the post, both the providers and the payers have the ability to ID patients for online access to their patient portals. It’s up to them to help the citizen retain this capability when they send data out for surveillance via the state databases.

  3. My pondering goes more to thinking about how you might get the agency to (begin to) supply patient data, not to contest potential damages.

    One thing about the statute your quote seems inarguable — the intent is to get data into patients hands. We can argue about how and when, but “whether” is not an issue.

    Thus, the agency’s answer of “it’s too hard” might work for a short while, but seems like an indefensible long term position. …and even the agency ED and Counsel likely would agree.

    The focus can then shift to getting the agency to develop specific plans, resource commitments, timelines toward achieving milestones to supply data to patients.

    It would probably make sense to try to work cooperatively with them for a while. I don’t know the specific people involved, but the answer of “it’s too hard” has a lot of plausibility in light of today’s highly non-interoperable IT. Unless you really think they’re stonewalling patients, can you sit on the same side of the table with them?

    Attacking and antagonizing could work against patients’ long-term interests to get access to data.

    Very delicate. Lots of judgement involved. Keep at it.

  4. Vince, the ED and Chief Counsel are taking the position that it’s 2) (the agency is operational for over a year). Who is responsible for arguing and in which forum?

  5. Thanks Vince! You are the first lawyer to comment. Indeed, I’d love to bring a test case but I still haven’t found one that works for free like I do.

    Would I have to argue a specific harm to me such as showing that I picked a more expensive insurance plan because I lack the necessary information?

    If the harm is price-fixing, how do I demonstrate that as a specific harm to me? Does this avenue become a class action?

    Aside from Chapter 224, there’s also a public records act dating back to 1974 but it doesn’t require electronic disclosure so it would be a shallow victory.

    This is the reason I will start with the AG and the Governor.

  6. ps

    Here’s another ambiguity in the law that could be argued to mean different things.

    Do you interpret “to the maximum extent feasible” as intended to

    1) Provide DIRECTION to the agency — patients as #1 priority

    2) Provide DISCRETION to the agency — the agency can/should use judgement and has leeway when provide patient data

  7. As a lawyer in a former life, the key wording in the law here seems to be that patient info must be provided “to the maximum extent feasible”.

    Pretty ambiguous. I’d bet there is similar wording in other Masschusetts statutes (& elsewhere?). Any idea how this has been interpreted?

    I think you could argue this at least two ways — 1) patient access is a #1 priority above access to any other party, i.e., NOBODY else gets access to data that patients also can’t access, or 2) patient access is a secondary priority; others determine priority for accessing and gathering data, and when “feasible” (practical? low cost?) patients could also have access to this data.

    Might be an interesting test case.

  8. Powerful article/points, Adrian. Besides reaching out to state AG’s, what other market/consumer forces do you think could be brought to bear that would move the needle? Why are employers seemingly so passive when it’s a huge cost item for them?