Now it’s clear. On Thursday, the Office for Civil Rights, responsible for HIPAA enforcement and protecting the public, published a new guidance to interpret HIPAA with respect to data blocking. The limits of the current law are now evident. In the interest of affordable health care, the Precision Medicine Initiative, and common sense, it’s time for Congress update HIPAA. Believe it or not, HIPAA still allows hospitals and other electronic health record (EHR) systems to require paper forms before they release data under patient direction. Along with an allowed 30-day delay in access to electronic health records, this data blocking makes second opinions and price comparisons practically inaccessible. Over $30B in stimulus funds have been spent on EHRs and now it is still up to Congress to give to patients full digital access to digital data.
Data blocking is the result of deliberate barriers designed into current EHRs that prevent patients being able to use their own data in efficient and innovative ways. It is practiced by both EHR vendors and healthcare institutions to avoid competition by favoring the services they control. As hospitals consolidate into massive “integrated delivery networks”, the business logic for data blocking becomes clear and irrefutable. Data blocking ensures the largest health delivery networks will get larger and control pricing. The bigger they are, the more data they have about each patient and the more money each patient’s data is worth to outside interests like pharmaceutical companies and data brokers. The results are ruinous healthcare costs and hidden discrimination in insurance, credit, employment, and other key life opportunities.
This weekend the NYTimes published an editorial titled Give Up Your Data to Cure Disease. When we will stop seeing mindless memes and tropes that cures and innovation require the destruction of the most important human and civil right in Democracies, the right to privacy? In practical terms privacy means the right of control over personal information, with rare exceptions like saving a life.
Why aren’t government and industry interested in win-win solutions? Privacy and research for cures are not mutually exclusive.
How is it that government and the healthcare industry have zero comprehension that the right to determine uses of personal information is fundamental to the practice of Medicine, and an absolute requirement for trust between two people?
Why do the data broker and healthcare industries have so little interest in computer science and great technologies that enable research without compromising privacy?
Today healthcare “innovation” means using technology for spying, collecting, and selling intimate data about our minds and bodies.
This global business model exploits and harms the population of every nation. Today no nation has a map that tracks the millions of hidden data bases where health information is collected and used, inaccessible and unaccountable to us. How can we weigh risks when we don’t know where our data are held or how data are used? See www.theDataMap.org .
Long time (well very long time) readers of THCB will remember my extreme frustration with Patients Privacy Rights founder Deborah Peel who as far as I can tell spent the entire 2000s opposing electronic health data in general and commercial EMR vendors in particular. I even wrote a very critical piece about her and the people from the World Privacy Forum who I felt were fellow travelers back in 2008. And perhaps nothing annoyed me more than her consistently claiming that data exchange was illegal and that vendors were selling personally identified health data for marketing and related purposes to non-covered entities (which is illegal under HIPAA).
However, in recent years Deborah has teamed up with Adrian Gropper, whom I respect and seemed to change her tune from “all electronic data violates privacy and is therefore bad”, to “we can do health data in a way that safeguards privacy but achieves the efficiencies of care improvement via electronic data exchange”. But she never really came clean on all those claims about vendors selling personally identified health data, and in a semi-related thread on THCB last week, it all came back. Including some outrageous statements on the extent of, value of, and implications of selling personally identified health data. So I’ve decided to move all the relevant comments to this blog post and let the disagreement continue.
What started the conversation was a throwaway paragraph at the end of a comment I left in which I basically told Adrian to rewrite what he was saying in such a way that normal people could understand it. Here’s my last paragraph
As it is, this is not a helpful open letter, and it makes a bunch of aggressive claims against mostly teeny vendors who have historically been on the patients’ side in terms of accessing data. So Adrian, Deborah & PPR need to do a lot better. Or else they risk being excluded back to the fringes like they were in the days when Deborah & her allies at the World Privacy Forum were making ridiculous statements about the concept of data exchange.
Health reform activists and privacy mavens have been at loggerheads for years. Those touting health reform complain that an oversensitivity to privacy risks would hold back progress in treatments. Running in parallel but in the opposite direction, the privacy side argues that current policies are endangering patients and that the current rush to electronic records and health information exchange can make things worse.
It’s time to get past these arguments and find a common ground on which to institute policies that benefit patients. Luckily, the moment is here where we can do so. The common concern these two camps have for giving patients power and control can drive technological and policy solutions.
PPR has also held three Health Privacy Summits in Washington, DC, at the Georgetown Law Center, just a few blocks from the Capitol building. Although Congressional aides haven’t found their way to these conferences as we hoped (I am on the conference’s planning committee), they do draw a wide range of state and federal administrators along with technologists, lawyers, academics, patient advocates, and health care industry analysts. The most recent summit, held on June 5 and 6, found some ways to move forward on the data sharing vs. privacy stand-off in such areas as patient repositories, consent, anonymization, and data segmentation. It also highlighted how difficult these tasks are.