The healthcare IT universe is atwitter (both figuratively and literally) about Epic’s opposition to the proposed HHS rules regarding information blocking. Although the rules are designed to speed sharing of patient data among hospitals, medical practices, and other care delivery entities, there are concerns that they don’t go far enough to protect patient privacy.
Opponents are claiming that relaxed rules will allow sharing of data with third parties that aren’t bound by HIPAA, resulting in patients losing control of their protected health information. HHS counters with the assertion that they “want the public to have computational right of access to health information so they can have control over apps of their choosing.”
Although choice is a lofty goal, the reality is that patients (and consumers in general) aren’t going to read the disclosures of how their data is used or what permissions an app might need to operate, which could open the floodgates of information sharing in ways they might not fully appreciate. On the other hand, data sharing is important for better healthcare – improved coordination of services, reduced duplication of testing, greater understanding of the patient’s whole condition, and more.
I see patients who regularly pull up their patient portal accounts and just hand me their phones, hoping I can make sense of their medication lists or what lab testing has been done recently. They know that the big health systems in town refuse to play nicely with independent providers, but they want us to have the whole picture.
It’s the digital equivalent of what the military did with charts for years. The patient would pick up their chart and take it with them to their appointments so that everything was at the provider’s fingertips. I used to love seeing those recently discharged military members in practice because it meant continuity in a way that I couldn’t get via fax or mail in the olden days before electronic data sharing.
I think it’s important for patients to understand that if they share their health information with third party apps that their data is no longer protected. This is the current reality for a good chunk of health data. Patients are giving their PHI freely to apps tracking fitness, fertility, calorie intake, sleep patterns, biometric factors, lab data, and more. They’re giving away their genomes to commercial testing providers without a second thought, mostly because they haven’t read the fine print.
I’ve heard the call for protection of health information regardless of whether it’s in the hands of a HIPAA-covered entity or not. That is starting to look like a good idea. Maybe it’s time to broaden the definition of PHI and hold everyone who handles it accountable for keeping it protected.
Maybe it’s also time for HHS and other agencies to fight information blocking in ways that don’t involve vendors. My state’s HIE is one of the most pathetic in the nation, with high costs to hook up to it and other barriers to participation. Although the big health systems are feeding it data, it’s cost prohibitive for small organizations or independent providers to connect. How about some grants to eliminate those barriers? Or how about tax breaks for providers who want to connect for better patient care? How about allowing individual providers to go through a credentialing process to be able to log in to see whatever patient data they need to get the job done, just like they do now for prescription drug monitoring programs? Why all the mystery about having to have a practice or institutional login? It drives me crazy, because when I moonlight at the hospital I can access the HIE, but when I’m out at the little practice on the prairie where the data would be most beneficial, I’m in the dark.
There are more pieces to the puzzle then just requiring vendors to jump through interoperability hoops. We need to require healthcare providers to actually comply with existing laws regarding records release and data sharing. Right now, there is little enforcement and little recourse for patients who are caught without their information.
Let’s also spend some money educating patients about their health and the importance of keeping track of their data, even if they have to do it manually. Sure, it’s cooler to do it on your phone or with an app, but even just keeping a file with copies of important labs is better than nothing. Three-ring binders aren’t sexy, but they’re cheap and you can still access the data when you forget to plug in your phone.
Patients don’t realize how important it is to keep track of their health when they’re healthy. I routinely have to restart people’s hepatitis vaccination series because they’ve lost the records of their immunizations and the pediatrician has long since retired. People become sick and realize they need “the binder” or “the spreadsheet” or whatever mode of data gathering they arrive at, but it’s too late.
Some argue that we shouldn’t put the onus on the patient. I would say that’s the only way to make sure their information is accurate.
I did a little View Download Transmit experiment on my own medical records at several different practices and found upwards of two dozen errors. There were diagnoses I’ve never had, medications I haven’t been on in years, and even a couple of lost pathology specimens. Managing that shouldn’t be entirely the patient’s responsibility, but there could be a better partnership between patients and providers to ensure that everyone had the information they need. There are simple workflows that enable this that very few practices do, such as sending the patient a copy of their health summary prior to the visit and asking them to bring any corrections to the visit. You could even (gasp) give the patient a printout of the information when they check in for their visit, ask for a markup, and then review it together. Seems easy, but there’s too often a lack of resources or lack of will to even make these small changes.
Although this is a hot topic for HIStalk and Politico and others, many people in the trenches have no clue. I had lunch with a CMIO friend today and she wasn’t even aware of the situation with Epic despite her role in an Epic-using organization. She works for the biggest information blocker in town, whose staff often refuses to talk to me after I refer patients to their hospitals. Go figure. I guess she wasn’t in Judy’s contacts list. Similarly, no one is fired up in my forums for women physicians or medical school alumni.
It has been interesting to educate people about this issue. I hope they start following what’s going on in healthcare beyond their daily survival routine.
Let’s put on our patient hats for a minute and reflect on what we think about the proposed HHS rule. Do you give it a thumbs up or down, regardless of how it impacts your working world? Leave a comment or email me.
Email Dr. Jayne.