health record banks enable secondary data use with privacy protection william a. yasnoff, md, phd,...
TRANSCRIPT
Health Record Banks Enable Secondary Data Use with
Privacy Protection
Health Record Banks Enable Secondary Data Use with
Privacy Protection
William A. Yasnoff, MD, PhD, FACMICEO, Health Record Banking Alliance
NCVHS Secondary Data Uses Work GroupHyattsville, MD
July 19, 2007
© 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
22 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Health Record Banking Alliance Virginia non-profit formed 6/06; first met 9/06 Purpose: promote the concept of health
record banks: Consumer-controlled independent
repositories of health records Broad participation, no formal membership
HIT vendors & organizations Health record bank organizations Consultants (HIT & health policy) Privacy advocates 100+ on e-mail list
Monthly Meetings Draft principles developed & posted on web
33 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
1. Policies Needed to Achieve Effective Secondary Data Use
Strong public support of secondary use 81% support use of electronic health
records for research [Markle Foundation 9/05]
But public also wants control of their information [Harris Interactive/WSJ 9/06] 64% of adults said they would like to have access to an electronic medical record (EMR) to capture medical information
62% agree that "electronic medical record use makes it more difficult to ensure patient privacy.”
44 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
1. Policies Needed for Secondary Data Use (cont.) Policies needed:
Individual right to medical privacy Individual may own a complete
copy of all their medical records Individual controls ALL use of their
medical information Consent required for any use
– May be provided in advance– May be granted for person,
organization, specific study, etc.– Specific to single purpose only
55 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
2. Adequacy of Privacy Protection Under Current Law
HIPAA regulations are inadequate Treatment, payment, operations
(TPO) exceptions seem reasonable However TPO determination is done
by organization that has data No disclosure, reporting, or
effective oversight Not consistent with Fair Information
Practices (HHS, 1973) No technical reason why individual
consent cannot be obtained
66 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
3. Uses of Health Data with Insufficient Protection
All uses have insufficient protection because HIPAA is inadequate
No disclosure of specific uses Individuals cannot opt out of use of their
information Individuals cannot find out what their
information is used Individuals cannot prevent their information
from being used against them “De-identification” is virtually never
absolute -- data can usually be re-identified Violates Hippocratic Oath
77 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
4. Other NHIN-related health information use issues Requirements for Community Health
Information Infrastructure Health Record Banking Model Secondary Use Implications Policy Recommendations
88 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
CompleteElectronicPatientInformation
Stakeholder cooperation
FinancialSustainability
PublicTrust
Components of a Community Health
Information Infrastructure
99 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
CompleteElectronicPatientInformation
Most information is already electronic: Labs, Medications, Images, Hospital Records
Outpatient records are mostly paper Only 10-15% of physicians have EHRs Business case for outpatient EHRs weak
For outpatient information to be electronic, need financial incentives to ensure that physicians acquire and use EHRs
Requirement #1: Financial incentives to create good business case for outpatient EHRs
1010 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
CompleteElectronicPatientInformation
Need single access point for electronic information Option 1: Gather data when needed (scattered model)
Pro: 1) data stays in current location; 2) no duplication of storage
Con: 1) all systems must be available for query 24/7/365; 2) each system incurs added costs of queries (initial & ongoing); 3) slow response time; 4) searching not practical; 5) huge interoperability challenge (entire U.S.); 6) records only complete if every possible data source is operational
1111 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
CompleteElectronicPatientInformation
Need single access point for electronic information Option 2: Central repository
Pro: fast response time, no interoperability between communities, easy searching, reliability depends only on central system, security can be controlled in one location, completeness of record assured, low cost
Con: public trust challenging, duplicate storage (but storage is inexpensive)
1212 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
CompleteElectronicPatientInformation
Need single access point for electronic information Requirement #2: Central repository for storage
1313 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Voluntary Impractical Financial incentives
Where find $$$$$? Mandates
New Impractical Existing
– HIPAA requires information to be provided on patient request
Requirement #3: Patients must request their own information
Stakeholder cooperation
1414 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Funding options Government
– Federal: unlikely– State: unlikely– Startup funds at best
Healthcare Stakeholders– Paid for giving care– New investments or transaction
costs difficult Payers/Purchasers
– Skeptical about benefits– Free rider/first mover effects
Consumers– 72% support electronic records– 52% willing to pay >=$5/month
Requirement #4: Solution must appeal to consumers so they will pay
FinancialSustainability
1515 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
A. Public Trust = Patient Control of Information
Requirement #5: Patients must control all access to their information
PublicTrust
1616 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
B. Trusted Institution Via regulation (like banks)
impractical ?? Self-regulated
Community-owned non-profit Board with all key stakeholders Independent privacy oversight Open & transparent
Requirement #6: Governing institution must be self-regulating community-owned non-profit
PublicTrust
1717 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
C. Trustworthy Technical Architecture Prevent large-scale information loss
Searchable database offline Carefully screen all employees
Prevent inappropriate access to individual records State-of-the-art computer
security Strong authentication No searching capability Secure operating system
Easier to secure central repository: efforts focus on one place
Requirement #7: Technical architecture must prevent information loss and misuse
PublicTrust
1818 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Health Record Banking Model All information for a patient stored in Health
Record Bank (HRB) account Patient (or designee) controls all access to
account information [copies of original records held elsewhere]
Each HRB has three interfaces: Withdrawal window - record access Deposit window - receives new info Search window - authorized requests
When care received, new records sent to HRB for deposit in patient’s account
All data sources contribute at patient request (per HIPAA)
1919 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.Clinical Encounter
Health Record Bank
Clinician EHRSystem
Encounter Data Entered in EHR
Encounter data sent to
Health Record Bank
PatientPermission?
NODATA NOT
SENT
Clinician Inquiry
Patient data delivered to
Clinician
YES
Optional payment
Clinician’s BankSecure patient
health data files
Health Record Banking
2020 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Secondary Use Implications Privacy is protected through consumer control
Each consumer customizes their own privacy policy
Health record banks facilitate secondary use Searches over populations easy
– Not necessary to release data– Counts of matches with demographics
normally sufficient– Eliminates issues of “de-identification”
and reuse Can combine searches over multiple banks Banks can notify individuals without
knowledge of searchers (e.g. for clinical trial recruitment, drug withdrawal from market)
Banks collect fees to share with consumers
2121 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Policy Recommendations (1 of 2)1. Consumer has complete legal ownership and
control of health record bank information No exceptions needed as copies of
information are elsewhere Information protected from
– Change in ownership– Failure of customer payment– Bankruptcy
Consent for single-purpose access only No coerced consent
2. All holders of electronic medical information required to provide it within 24 hours of creation at no charge (on patient request)
2222 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Policy Recommendations (2 of 2)3. Include health record banks as
covered entities under HIPAA Cover personal health information
in all locations4. Require independent privacy &
confidentiality audits of health record banks
Certification of auditing entities Public disclosure of audits
5. Require security procedures sufficient to enforce privacy & confidentiality policies
2323 © 2007
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Questions?
William A. Yasnoff, MD, PhD, [email protected]/527-5678
For more information:www.healthbanking.org
www.yasnoff.com