Last Chance for Meaningful Use

I mean: Last chance for patients as first-class citizens in Meaningful Use.

The ghetto is abuzz. As I write this #nomuwithoutme is just hitting Twitter. The reason the natives are restless in the patient ghetto is a recent proposal by our Federal regulators to downgrade a Meaningful Use (MU) requirement for Stage 3, in the final stage of a $30B+ initiative to advance interoperable digital health records. The focus is on something called View / Download / Transmit (V/D/T) but the real issue and the Last Chance is broader and more important. The bad news is that MU may leave patients as beggars for our own data. The good news is that the Office of the National Coordinator (ONC) and Congress are paying attention and patients still have a chance to shift the terms of the debate to what HIPAA calls “the patient’s right of access” and demand that it apply strictly to MU Stage 3 Application Programming Interfaces (APIs).

To find the core of the downgrade, search the Notice of Proposed Rulemaking (NPRM) for the word “download”. To experience the ghetto first-hand, search the NPRM for “4 business days”. The issue is plain: patients are to get degraded, delayed information through a “portal” that forces us to take whatever the “providers” are willing to grant us.

There are so many things wrong with this picture:

  • The process of using patient portals and V/D/T for interoperability puts an unusual burden on the patient. It’s like your ability to view and download your credit card statement from the bank. A few of us do that, but how many of us ever “transmit” that document anywhere else? Ever?

  • Although useful to the patient herself, the health records available to us via V/D/T are risky and expensive for the receiving doctor to process. They are full of information the recipient did not request and might feel obligated to follow up on. 75-page documents are not that unusual. What is a doctor to do with an abnormal lab result she did not order?
  • The authenticity (provenance) of documents transferred via V/D/T is uncertain because they might have been altered in transit. In the paper days, results and doctor’s notes would have a letterhead and a signature so provenance could be trusted by the recipient. MU has not required that for documents under V/D/T and that poses a cost and a risk to the recipient as well.
  • Another problem is privacy. Every copy of a record made under V/D/T is another thing to secure and worry about. If it has an error, where and how do you fix it? If the information changes between the time you copied it and the time it’s used, how do you alert the recipient? How many copies of your information are out there, and who are they with?
  • The 4 business day delay makes shopping for second opinions and for value even more difficult than it already is.

  • Even so, there are unnecessary barriers to information sharing. The NPRM does not reference the patient right of access directly. For example, it doesn’t say that the controversial “one” information request of the downgrade has to be to _any_ email address provided by the patient.

The ghetto is pretty clear. What would patients as first-class citizens look like?

I’m encouraged by this paragraph on p. 49-50 of the NPRM:

We seek comment on potential alternate proposals for this proposed change to the threshold for Measure 2 of the Stage 2 Patient Electronic Access objective. For example, we seek comment on potential alternates such as a percentage threshold less than 5 percent, or a numerator greater than 10 patients, or another similar numerical alternative. We further seek comment on suggestions for other potential alternatives which would accomplish the goals here stated of reducing the burden on providers to account for patient actions while still continuing to encourage IT supported patient engagement.

Another important paragraph shows up three times in this NPRM:

(A) Security. The API must include a means to establish a trusted connection with the application requesting patient data, including a means for the requesting application to register with the data source, be authorized to request data, and log all interactions between the application and the data source.

It’s time for ONC to follow its own JASON Task Force report and make all of us as patients first-class citizens in Meaningful Use before it’s too late. The “Public API” described by the JASONs needs to be accessible under the HIPAA patient right of access as described in the Security paragraph above and the Office for Civil Rights memo.

V/D/T tweaks are not enough. We have the technology. Do we have the will?

Adrian Gropper, MD is the CTO of Patient Privacy Rights.


14 replies »

  1. See WSJ special on data security 4/20.
    Pew survey says PHI security is topmost public wish.
    It looks like encryption is going to be needed.
    I would like to see a detailed management plan for how we would handle public and private keys.
    And, of course, what difficulties would encryption cause in computer speeds?

  2. IF the slipper was to be put onto the other foot imagine the cries of stupid, idiot, dumb ** Imagine going to the doctor or hospital and entering the room and refusing to give any information as to why you are there. [a bit like talking to a 4yr old] You guess, Can’t say…. It’s in my notes,… I don’t want to have everyone having access to my problem.
    Yes I have allergies to meds.. I can’t share with you, but if you write me a letter with ID and a copy of your last bank statement I shall send it to you in 28 working days time
    Makes all the comments by those health care providers look pretty silly doesn’t it.
    I have been asking, and even demanded my clinical notes, and just get the OK but never come. So that yes I have to write and demand a copy to be sent to me. I then find mistakes, I then ask for them to be corrected and each interaction I am made to feel the PITA, the neurotic patient, there is no need to mistrust the profession.
    WELL even through the whitewash of clinical records it’s easy to see the multiple medical misadventures. Then there is silence to the ones that nearly occurred and never documented.
    We don’t want our notes, we NEED our notes, be they in paper form or in EHR state.
    And with the USA declaring it is a leader in the healthcare sector then any further demeaning of the patient, is then quickly picked up by other countries, and followed..
    So any changes affect the world’s people,

  3. Patients should have access to their records, and any attempt to weaken or remove that right must be fought.

    Patients should also have the ability to correct errors if they see them.

    Patients should also have access to pricing information — how much will this cost, and how much will it cost me?

    It’s unfathomable to me that we have built a system in which secrecy is the default. That must change.

  4. @Whatsen Williams
    “I want my records on paper.”
    God, I love you.
    Seriously, this would calm everyone down if this were demanded by more patients. But, whatever, it is important for patients to be able to get their own records, electronic or not. It will bring about a watershed improvement in quality of care. All of a sudden, all providers will be extremely mindful. And, if we can also allow them to see running charges, this will do nice things to prices and costs.

  5. I want my records on paper. That should be an option. Opt out of the EHR which enables the data thieves.

  6. We also need to be able to have some route to correct errors on the record.

    It’s like the Dilbert cartoon I tweeted today where Dilbert learns he is not going to die, and in the final panel gets the good news – his pap smear is normal.
    I appreciate Scott’s turn of phrase – “throwing glitter on the status quo”, and also Peter’s script for getting the records you want. It is a very reasonable and pleasant way of making it clear what patients want.

  7. Individuals should have the right to have unfettered access and control of their own medical records to share with their healthcare providers as necessary. The freedom to establish a provider-patient relationship with a provider of a patient’s choice is sub-optimal if a patient does not control or have access to his/her own medical records to be able to share with that provider as necessary. The members of the American Healthcare Connect Consortium, the Collaborative Health Consortium and many other individuals and organizations support the right of all individuals to have unfettered access to, and control of, all their health information as a basic right

  8. I’d love to have patients start saying, at the beginning of their office visit, “You know, doc, I’m only going to tell you this stuff and let you poke me and order tests and treatments, because I know that you are going to give me access to everything related to this visit.”

    If every doc started hearing this a couple times a week (let alone all day long) it would re-frame the conversations.

  9. This effort of your group is extremely important. The entire EHR movement will crumble without your group’s goals succeeding. IOW we have to have–MUST HAVE– secure PHI that the patient can easily access.

    This is so critical that there may have to be criminal penalties attached to obtaining patient information without permission from the patient. That sentence in HIPAA allowing “qualified-everyone-under-the-sun may use your health data” may have to be changed.

    You guys should try to write this up in a popular book form expose. It needs a scandal.

  10. If there has been any effort, it has been a token error at best. For example, from CERNER’s annual statement

    “In health care there is a self-evident ethical understanding that a person’s health data belongs to the person as much as it does to any physician or organization that holds it. For several years, this has been powerfully articulated using phrases like
    “Nothing About Me Without Me” and “Give Me My Damn Data,” by everyone from patient rights activists like E-Patient Dave deBronkart and Regina Holliday to health reform officials like Don Berwick and Suzanne Delbanco” -Neal Patterson, Cerner Corporation Annual Report 2014, page 11 http://www.cerner.com/uploadedFiles/Content/About_Cerner/Investor_Relations/2014_Cerner_Corporation_Annual_Report_FINAL.pdf

    While there is mention of two of the most prominent data freedom advocates, unless Cerner no longer owns every bit of the data in every single installation worldwide it is simply throwing glitter on to the status quo which keeps patients at the bottom of the food chain

  11. If health care were about the health of patients, it would be a no-brainer that patients would be given an easy way to see and USE the information they pay the complex system to collect.

    What this makes clear is that health care is now about the care and feeding of large entities who monetize both patients and their information. Patients are simply a raw material.

    Since patients are not at the table making decisions, they have been put on the menu.

    As a patient, family member of patients with serious illnesses, and as a primary care physician with 35+ years of active practice, I have come to believe that there is one and only one solution: it is time for every patient to insist on full access right away to all their information – at every interaction with the health care system.

    When making an appointment. When having a lab draw or radiologic study. When having a preventive visit. When being seen for an acute illness. When arriving in the Emergency Room for an injury. State politely but firmly at the beginning, during the visit, and again at the end: This visit is about me. Its only purpose is my health. I expect to be given prompt and full access to all the information collected about me.

    Peter Elias, MD

  12. Root issue here is, I’m afraid, the fact that the importance of it to *patients* has not at all penetrated the awareness of the general public. Like due to acronym-heavy context – MU, NPRM (I’m something of an insider, and I myself have no earthly idea what *that* one is), V/D/T.

    MEGO (My Eyes Glaze Over).

    We need a simple message here. One that says to people “this is yours, claim it.” Sadly, without the sense that they (a) see a positive impact on their daily lives or (b) feel like they’ll understand what “their medical data” is, (c) #epicfail on message penetration.

    Millennia of telling people they’re too dumb/dim to understand the workings of medicine takes some serious effort, and clear messaging, to turn around.

    Acronyms – other than WTF – don’t help that effort.