By ADRIAN GROPPER
Imagine solving wicked problems of patient matching, consent, and a patient-centered longitudinal health record while also enabling a world of new healthcare services for patients and physicians to use. The long-awaited Notice of Proposed Rulemaking (NPRM) on information blocking from the Office of the National Coordinator for Health Information Technology (ONC) promises nothing less.
Having data automatically follow the patient is a laudable goal but difficult for reasons of privacy, security, and institutional workflow. The privacy issues are clear if you use surveillance as the mechanism to follow the patient. Do patients know they’re under surveillance? By whom? Is there one surveillance agency or are there dozens in real-world practice? Can a patient choose who does the surveillance and which health encounters, including behavioral health, social relationships, location, and finance are excluded from the surveillance?
The security issues are pretty obvious if one uses the National Institutes of Standards and Technology (NIST) definition of security versus privacy: Security breaches, as opposed to privacy breaches, are unintentional — typically the result of hacks or bugs in the system. Institutional workflow issues also pose a major difficulty due to the risk of taking responsibility for information coming into a practice from uncontrolled sources. Whose job is it to validate incoming information and potentially alter the workflow? Can this step be automated with acceptable risk?
It’s not hard to see how surveillance as the basis for health information sharing would be contentious and risk the trust that’s fundamental to both individual and public health. Nowhere is this more apparent than in the various legislative efforts currently underway to expand HIPAA to include behavioral health and social determinants of health, preempt state privacy laws, grant data brokers HIPAA Covered Entity status, and limit transparency of how personal data is privately used for “predictive analytics”, machine learning, and artificial intelligence.