A Declaration of Data Independence Through the Lens of the Patient

This weekend is not only Independence Day in the US, it’s the culmination of a patient-led uprising to demand that providers hand over their medical data. To that end I & THCB are supporting Health Data Independence Day. Sign the petition at GetMyHealthData.org and please use and encourage others to use the free tool from the associated Vocatus Project to request your data from your doctors and hospitals. I’ll be taking up the cudgels in the continuing story of my son’s “Search for Intr-Aero-Bili-Ty” but for now we’re thrilled to publish this amazing piece from Health IT expert and very recent cardiac patient, Brian Ahier. –Matthew Holt

Data Liberación is our battle cry…

Six years ago I wrote a blog on Independence Day. In 1776 the 56 citizens of the 13 British colonies signed their names to a document declaring that the King was abusing the colonies and violating the basic principles of human decency bestowed by God. So they declared independence from Great Britain and birthed the United States of America.

Abraham Lincoln said in a speech during his Senate race against Stephen A. Douglas of the Declaration of Independence, “This was their majestic interpretation of the economy of the Universe. This was their lofty, and wise, and noble understanding of the justice of the Creator to His creatures.”

We are blessed to live in the greatest country in the world. We have had many struggles and challenges and have had to overcome the sins of the past, but the Founders wisely put in place a constitutional framework that allows for transformational changes to occur, generally without bloodshed. The Republic is alive and well and actually improves every generation. I wish all of you a peaceful, safe, and joyous Fourth of July celebrating with family, friends, and neighbors. I also hope that you will participate in the first Data Independence Day.

Tomorrow we need to declare our right to access our own health data. For far too long health information has been locked up in paper tombs and sharing has been difficult. A long-time policy goal has been interoperability and patient engagement. Todd Park (at the time the CTO of HHS, who then went on to serve as CTO of the USA) rallied the troops at Health 2.0 over five years ago, and Data Liberación is our battle cry…

Patients have been denied access to their electronic medical record. Previously HIPAA was fairly weak in this area. The HIPAA omnibus rule expanded the right to patient access into the digital realm. It also updated the notice of privacy practices healthcare organizations are required to provide to patients notifying them of their rights under HIPAA.

One of the perhaps lesser-known changes to HIPAA is that, if asked, providers must send a patient’s medical record to whatever email address said patient offers. The provider is allowed to warn them of the risks and have them sign a form; however, they are not allowed to deny that request. This actually lays a foundation to go beyond the requirements of the HITECH Act, but a patient access HIPAA violation can be a serious offense. One of the largest fines ever for a HIPAA violation, $4.3 million, was levied for not providing patients access to their own data.

This year the perfect storm arose with the announcement just prior to the annual HIMSS event of a proposal for a significant lowering of the bar for patient engagement in Stage 2 Meaningful Use in 2015, and the fierce opposition from many stakeholders. I was the ringleader for the Blog Carnival during HIMSS and was fortunate to have the topic of patient engagement. Farzad Mostashari, Former National Coordinator at ONC, called for a day of action. That day has come!

I’ve written before that Stage 2 Meaningful Use contains a Core Objective that all providers must use secure electronic messaging to communicate with patients on relevant health information. Another Stage 2 Core Objective is that all providers must give patients the ability to view online, download and transmit their health information within four business days of the information being available. The specifics require that 50% of all unique patients are given access to information, and that five percent (down from 10% in the proposed rule) are able to view, download or transmit to a third party relevant health information. These measures require patients to take action in order for a provider to achieve meaningful use and receive an EHR incentive payment. This year, as CMS backed off on many of the requirements in a proposed rule, especially around patient engagement, it created quite a stir.

At the Health Datapalooza conference it was announced that July 4, 2015 would be Data Independence Day. Generous donors and tireless advocates combined to create http://getmyhealthdata.org. Farzad Mostashari along with former White House CTO Aneesh Chopra and several open-data and consumer health advocates spurred us into a new phase in the health data access movement. Now a coalition of patient advocates has launched the Get My Health Data Campaign just in time for Data Independence Day to support patients in asking for, getting and effectively using their digital health data.

This is all backdrop for where this gets deeply personal for me. A couple weeks ago I was in Boston for an invitation-only meeting on developing a national Health Information Technology Platform supporting Substitutable Apps known loosely as an “App Store for Health.” The meeting brought together key stakeholders from industry, government, academia and the public sector to follow up the work begun six years ago at the ITdotHealth meeting. The meeting was moderated by one of my healthcare heroes, Atul Gawande. I was scheduled to present on FHIR and talk about how the technical architecture of the future will support clinicians and patients having granular data-level access to their health information. Unfortunately, on my way to the meeting I suffered a heart attack, fell and hit my head, and spent a week in the hospital. Fortunately, I was at an excellent world-class academic medical center which is also one of the top cardiac centers on the planet. I received excellent care.

Unfortunately, I was never advised of my rights under HIPAA nor provided a copy of their notice of privacy practices (I actually never saw or signed any forms or documents at all during my stay). I have asked for but have not received an electronic copy of my medical record and am still waiting to receive all of the paper records. Remember that HIPAA requires them to provide an electronic copy of my medical record if they are capable of producing it. But the only way to request a copy of my medical record is by downloading a form from their website, printing it, signing it, and sending it by fax (you know that new-fangled health data transport mechanism). Then it will take up to 60 days to be sent.

When asking for an electronic copy I was told they did not have this capability. They do have a patient portal, where you can easily pay your bill, but health data access is extremely limited. They state that “The only way to export this information from the portal is to use the print option. There is no option to save this information to another document/system. Also, your complete medical record is not available on the portal.” After being stabilized and able to travel home to Oregon, I followed up immediately with my PCP, cardiologist, and therapists; however, I had to piece together an incomplete medical record which could be scanned into the EHR.

This is truly a call to arms. Every patient in this country should demand their rights under HIPAA and obtain a copy of their medical record, electronically if at all possible. Like the brave patriots from the Boston Tea Party, it is time to take a stand…



8 replies »

  1. I wish I could say I was surprised you had this experience when trying to access/manage your care records … but been there, done that, both as a caregiver and a patient, to the extent that I’m surprised someone hasn’t taken hostages in a medical records office a la the Denzel Washington movie “John Q.” GIVE. ME. MY. DAMN. DATA. and put *me* in control. I’ll assign view/download/transmit rights to the clinical teams that care for me. As long as the status quo rules, and “because HIPAA” is the boilerplate answer on why our most personal of datasets is kept out of our reach, medicine will be stuck in the Error Zone.

  2. We are going to rue the day that we put all these medical records on LANs that connect through the Net. Just now, I received from Caremark/CVS, in snail mail, a pharmaceutical record of many dozens of prescriptions written for a fellow who lives in New Hampshire, going back two years. It gives his full name and birth date and lists all his doctors. They (CVS) are concerned that there might be some drug interactions or improper pain meds and they want my comment. Alas, I am not this person’s doctor (wrong practice location, specialty) yet here, as a complete stranger, I have all these intimate records of someone who, if I wanted, I could extort or blackmail…as the drugs he is taking are not those you would want your friends to know much about. If he were a politician, I could ruin his career. Now, of course, I have to be concerned if my license # and DEA # were compromised somehow. How do I do this? Can CVS legally read me these numbers on this man’s prescriptions?

    • Not sure I understand your point. Paper records sent to the wrong address by US Mail is a use case for LESS digital health data?

  3. Agree that patients should always be able to obtain their own medical records. Would add that this service should be timely and either free or at a nominal cost. Ideally, it would also be patient managed (that is, the patient could do it electronically from his/her own secure portal, rather than having to go to the hospital/clinic and make a written request through a human). BTW, HIPAA is absolutely not a real barrier to doing any of this, though it is often cited as such. This is a permission-based sharing of data for health operations, a HIPAA slam dunk.

  4. Amazing how they can have the most modern technology to pay your bill online (where you have to provide both financial and medical information), but getting access to your own data is still so hard!
