personal health record rise lawyers

8/14/2019 Personal Health Record Rise Lawyers

1/8

HEALTH LAWYERSA P U B L I C A T I O N O F T H E A M E R I C A N H E A L T H L AW Y E R S A S S O C I A T I O N

NEWSV O L U M E 1 2 N U M B E R 1 0 O C T O B E R 2 0 0 8

Focus onConsultants and Expert Witnesses19

Unclean Hands:

Hospital Systems TodayValuable Integration or Is It Time to Cut the Cord?

24

e Rise of thePersonal HealthRecord:Panaceaor Pitfall for Health

Information18


2/8

8 HEALTH LAWYERS NEWS

The views are t hose of the authors and do not represent the position of the Association. Health Lawyers is a non-partisan educationalorganization that does not ta ke positions on public policy issues and instead provides a forum for an informed exchange of views.Hea t Lawyers invites t ose wit opposing views on t e Feature to su mit etters or artic es, w ic wi e reviewe , pu is e anedited on a space available basis. Letters to the Editor should be no longer than 250 words in length. If those seeking to respond wouldlike to do so in the form of an article, he or she may submit it for consideration to [email protected], and the proposed articlewill be considered in the ordinary editorial process.

e Rise of thePersonal HealthRecord:Panaceaor Pitfall for Health

Information

Robert L. Coffield, Flaherty Sensabaugh & Bonasso PLLC, Charleston, WVGerald Jud E. DeLoss, Gray Plant Mooty*, Minneapolis, MN

I. Introduction

[Editors Note: This article provides an introduction to PHRs and identifies issues thatarise with their increased adoption and use. The Health Information and TechnologyPractice Group intends to produce a comprehensive Member Briefing on PHRs.

Commentators are invited to contact the authors with suggested topic areas.]


3/8

9OCTOBER 2008

Giant bytes have been taken out ofthe personal health record (PHR)market by technology companieslike Google, Microsoft, Dossia,and others on a mission to connectconsumers with their health infor-mation. If successful, the efforts bythese and other Health 2.0 tech-nology companies could trans-form the healthcare industry. It istoo early to say whether the PHRwill be the catalyst for healthcarereform; however, we can explorewhat may lie in the wake if aconsumer-focused PHR revolutionoccurs.

Technological changes inhealth information management

are altering the way in whichpatients and healthcare providersmaintain, use, control, and disclosehealth information. We are expe-riencing a paradigm shift fromthe current decentralized systemof records maintained by multipleentities at multiple locationsoftenwith conflicting and duplicativeinformationto a centralizedsystem relying on personal healthinformation networks (PHINs),regional health information organi-zations (RHIOs), or national health

information exchanges (HIEs).In the 21st Century, our

healthcare system has becomemore fragmented and specialized.Patients seek services from a varietyof providersfrom family careproviders to specialists. Moreover,as individuals move from city tocity and state to state, they leave atrail of partial medical records withvarious providers, insurers, andothers.

The rise of electronic medical

records (EMRs), electronic healthrecords (EHRs), RHIOs, andHIEs reflects a need to addressthe increasing complexity ofmaintaining and sharing healthinformation. PHRs may be thedisruptive technology providingan alternative to a complex systemof interconnected interoperablehealth information systems, often

among healthcare stakeholderswho have conflicting and competi-tive interests.

A. PHRs DefinedThe Office of the National Coor-dinator for Health InformationTechnology (ONC) defines a PHRas an electronic record of healthrelated information on an indi-vidual that conforms to nation-ally recognized interoperabilitystandards and that can be drawnfrom multiple sources while beingmanaged, shared and controlled bythe individual.1

The ONC report highlightsthe growing importance of PHRs

to facilitate the participation ofindividuals in their own care andwellness activities. Encouragingindividuals to become engaged intheir healthcare, and providingthe means to document, track, andevaluate their health conditions,a PHR can lead to more informedhealthcare decisions, improvedhealth status, and ultimately,reduced costs and improved qualityof healthcare. The PHR is broaderthan a medical record and containsany information relevant to an

individuals health, including dietand exercise logs, a list of over-the-counter medications, and personalinformation.

PHRs are distinguishable fromEMRs and EHRs. A key distinctionis that a PHR is under the patientscontrol. The individual patient isthe ultimate guardian of informa-tion within a PHR. Portability isanother distinguishing character-istic of the PHR. The goal of a PHRis to be a lifelong source of health

information for an individual.

B. History of PHRsAccording to Wikipedia, theearliest article mentioning PHRsis dated June 1978. Wikipedia alsomentions that most articles writtenabout PHRs have been publishedsince 2000. In its November 2001report, the National Committee on

Vital & Health Statistics (NCVHS)mentions PHRs and the growingconsumer use of Internet-basedhealth information services.2

Early on, PHRs were used ina rudimentary fashion as a wayfor individuals to track their ownspecific healthcare information.

First generation PHRs can becategorized as either stand-alone

PHRs, requiring patients to gatherand enter their own information,or tethered PHRs, provided by ahealth plan, provider, or employersponsor who populated the PHRwith information.

The past 12 months mark anew era of increased activity. Callit a second generation of PHRs orPHR 2.0. The advancement is led

PHRs may bethe disruptive

technologyproviding an

alternative to acomplex system

of interconnectedinteroperable

health informationsystems, often

among healthcarestakeholders whohave conflictingand competitive

interests.


4/8

by the entrance of large technologycompanies, such as Google withGoogle Health and Microsoft withHealthVault, into the PHR market-place. PHR 2.0 is not merely a datacollection application, but rather a

platform for the electronic aggrega-tion and storage of health informa-tion as well as the foundation forvarious applications.

At the federal level, ONC also

is focusing on patient-centeredhealthcare. Released in June 2008,the ONC - Coordinated FederalHealth Information TechnologyStrategic Plan: 2008-2012 serves asthe guide to coordinate the federalgovernments health informationtechnology (HIT) efforts to achievea nationwide implementation ofan interoperability health infor-mation system.3 A critical goal isto create patient-focused healthcare through the promotion of

the deployment of EHRs and PHRsand other consumer HIT tools.

C. Social Networking and Health 2.0The transformation to a PHR-based health information system isfueled by the intensifying interestin web-based social networkingand the Health 2.0 movement.

The increasing adoption of socialnetworking and lightweight web-based tools among the general publicmay create a willingness to have andutilize PHRs. There are various tech-nology players positioning themselvesto create the killer PHR applicationto become the default standard forindustry and the personal portal foreach patients personal health infor-mation.

The definition of the Health2.0 movement is still being refined.4Jane Sarasohn-Kahn, of THINK-health, defines Health 2.0 as theuse of social software and its abilityto promote collaboration betweenpatients, their caregivers, medical

professionals and other stake-holders in health.5 Early use of theInternet for healthcare was limitedto the distribution and search forhealth information. The read-onlyWorld Wide Web has been trans-formed into the World Live Web.Today, user-generated contentis being created by businesses,professionals, and ordinary peopleat lightening speed through socialmedia tools such as blogs, wikis,collaborative websites, and a varietyof web-based products.

Online health socialnetworking and software as servicemodels harness the positives ofnetworking and collective intel-ligence to generate a new level ofcollective knowledge. Whetherit is patients sharing observa-tions on chronic conditions,6physicians globally exchangingclinical information and insights,7human-powered health servicesearching,8 online consulting,9 orpromoting transparency through

tools for organizing, managing,and comparing healthcare paper-work10the Health 2.0 movementis creating business models andbecoming a catalyst for improvingefficiency, quality, and safety ofhealthcare.

D.e Common Framework forNetworked Personal HealthInformationRecently, the Markle Foundationannounced the Common Frame-work for Networked PersonalHealth Information,11 which hasbeen endorsed by a collaborativegroup of providers, health insurers,consumer groups, and privacygroups. The framework outlines aset of practices to encourage appro-priate handling of personal healthinformation as it flows to and fromPHRs.

The framework uses the termconsumer access services, whichit defines as an emerging set of

services designed to help indi-viduals make secure connectionswith health data sources in anelectronic environment. Consumeraccess services are likely to providefunctions such as authentication aswell as data hosting and manage-ment. The framework also providesanalysis of the application of theHealth Insurance Portability andAccountability Act (HIPAA) toconsumer access services.

II. Ownership of HealthInformation

The shift to a patient-centric PHRfrom a provider-based record raisestraditional property law issues.As health information becomesnetworked and technology allowsfor health information to betransferred more easily, the linesof ownership of health informationbecome further blurred.

Health information is oftenviewed under the traditional notionof property as a bundle of rights,

including the right to use, dispose,and exclude others from using it.12This legal application of historicproperty law may not be well-suitedto todays health information wherepatient information is shared via avariety of formats, copied, duplicated,merged, and combined with other


e transformationto a PHR-basedhealth informationsystem is fueled

by the intensifying

interest in web-basedsocial networkingand the Health 2.0movement.


5/8

11OCTOBER 2008

patient records into large scale data-bases of valuable information.

Who owns health informa-tion? The physician? The insurer?The patient? Under the traditionalrule, providers own the medicalrecords they maintain, subject tothe patients rights in the informa-tion contained in the record.13This tradition stems from the eraof paper records, where physicalcontrol meant ownership. Providerownership of the record is notabsolute, however. HIPAA and moststate laws provide patients withsome right to access and receivea copy of the record, along withamendment and accounting of

disclosures.14

The PHR model, where allrecords are located and maintainedby the patient, flips and realignsthe current provider-based modelof managing health information.Instead of provider-based control,where the provider furnishes accessto and/or copies of the record andis required to seek patient autho-rization to release medical infor-mation, the PHR model puts thepatient in control of his medicalinformation.

III. Legal Liability andCompliance IssuesAssociated with PHRs

PHRs open the door to a wide-range of new and modified legalclaims. PHR stakeholders shouldrecognize and address the nega-tive implications to avoid long-termproblems. These, of course mustbe balanced against the liabilityrisks of not adopting an availabletechnology designed to improve

the quality of healthcare.

A. Medical MalpracticeMedical malpractice cases addresswhether: a patient-physician rela-tionship was created; the treatmentprovided was within the standardof care; a breach of the standardof care was causally related to

the injury; and the patient wasinjured.15

Seeking to prove or disprovethese elements raises the issue ofwhether the PHR would be relevantas evidence against a provider.Generally speaking, if the datawithin the PHR was provided to oraccessible by the provider then theevidence is admissible.16

Many providers have expressedconcerns over the accuracy andcompleteness of PHRs if controlledby patients. Whether the informa-tion is credible is a legitimate ques-tion. On the one hand, a patientwould not want to jeopardize his orher health by including inaccurate

information. On the other hand,it is well known that patients oftenwithhold sensitive and possiblyembarrassing information.

Moreover, with the advent ofelectronic discovery under federaland states rules, the produc-tion of PHRs in their electronicform could impact evidentiaryissues. Health 2.0 and other socialnetworking sites suddenly becomefair game for defense lawyersseeking to discredit patientsclaims. Patients may attempt to

refer to those same records andother portions of their PHR asexamples of treatment modali-ties approved by other medicalproviders. Plaintiffs lawyers alsomay investigate the potential forutilizing the collective knowl-edge of the types of treatmentssuggested online within the patientnetworking sites as evidence of thestandard of care. In essence, thepossibility exists to use PHRs as theexpert to support or reject claims

of malpractice.

B. Defamation and Invasion ofPrivacyGenerally, a claim of defamationrequires the publication of a falsestatement that harms the plain-tiffs reputation or esteem in thecommunity.17 Accordingly, PHRsthat are solely accessible by the

individual or upon the invitationof the individual may not createa cause of action for defamation.However, those PHRs that includecommunication with other indi-viduals or providers may providethe publication necessary to sat isfythat element.

Defamation based upon onlinecommunication is fairly new. Typi-

Health Information and

Technology Leadership

Edward F. Shay, ChairPost & Schell PC

Philadelphia, PA

[email protected]

Gerald E. DeLoss, Vice Chair

Educational Programs

Gray Plant Mooty

Minneapolis, MN

[email protected]

Phyllis F. Granade, Vice Chair

Strategic ActivitiesCarlton Fields PA

Atlanta, GA

[email protected]

Patricia A. Markus, Vice Chair

PublicationsSmith Moore LLP

Raleigh, NC

trish.markus@smithmoorelaw.

com

Rebecca L. Williams, Vice Chair Research

Davis Wright Tremaine LLP

Seattle, WA

[email protected]

Robert Q. Wilson, Vice Chair Membership

Associate Director, Legal Counsel

GTx, Inc.

Memphis, TN

[email protected]

Thanks go to the Practice Group

for sponsoring this feature.


6/8

cally, such claims have involvedfalse celebrity information postedon the Internet.18 Arguably, wherean individual uses a PHR to publishfalse information, an analogousclaim could be pled.19

Generally, the tort of inva-sion of privacy encompasses fourclaims: (1) intrusion upon theplaintiffs seclusion; (2) appropria-tion of the plaintiffs name or like-ness; (3) publicity of the plaintiffsprivate life; and (4) publicityplacing the plaintiff in a falselight.20 The improper disclosureof health information containedwithin the PHR may form the basisfor one or more of these claims.Each of these claims involves theuse or disclosure of private infor-mationsuch as health informa-tionconcerning a person. Ifwrongfully used or disclosed, thoseresponsible for the use or disclo-sure, as well as those responsiblefor protecting the PHR, may facepotential liability.

C. Discrimination and ImproperDisclosureHIPAA prohibits impermissibleuses and disclosures of protectedhealth information. Although indi-viduals are free to use and disclosetheir own information as they seefit, appropriate firewalls need tobe constructed where, for example,employer-sponsored health plansare providing PHRs. Informationin the PHR should not flow fromthe plan to the plan sponsor norshould it be used for employmentpurposes.

In addition to HIPAA,employersand possibly insurersmust consider the implications of

the Americans with DisabilitiesAct, the Family and Medical LeaveAct, and similar state laws. The lawsoffer protection to employees fromaccess to employee health infor-mation and discrimination basedupon that information.

D. Breach of ContractDespite the disclaimers and protec-tions set forth in user agreements,it may be possible for an individualto argue that some protectionsarise through the agreement itself.

While user agreements tend to bedrafted almost entirely in favor ofthe PHR vendor or provider/plan,these documents may containlimited rights in favor of the indi-vidual. The individual could bringan action for breach of those rights

in the event of a violation.

E. HIPAA ComplianceMost PHR vendors have takenthe position that HIPAA doesnot apply to them. PHR vendors

generally do not qualify ascovered entities. Such vendorstake the position that they arenot business associates becausethey are not providing serviceson behalf of covered entitiesbut rather have a relationshipwith the patients. Moreover, thepatient releases information toor creates information in the

PHR, and HIPAA does not regulateindividuals use and disclosure oftheir own information.

The contrary position is thatmany of the PHRs are now linkeddirectly with covered entities toallow the health information to betransferred. Several high-profilerelationships have been announcedrelating to collaborations betweenPHRs and medical facilities toprovide PHRs for patients.21 Thecollaborations should be reviewedto determine whether a businessassociate relationship has beencreated.

There has been recent activityto expand the reach of HIPAA to

encompass PHRs. Federal and stateproposals also may address privacyand security concerns separately. Inthe interim, private initiatives, bythe Markle Foundation and others,propose a voluntary framework toprotect health information.

F. State LawsMany states have enacted breachnotification requirements andother consumer protections, whichraise new issues with respect toPHRs. Some states, e.g., California,

have expanded the breach notifi-cation rules to specifically coverhealth information. These regu-lations must be addressed withrespect to PHRs.

Finally, many states havepromulgated regulationsaddressing the movement towardshealth information exchange.Many recognize record locatorservices or other similar entitiesthat may contain health informa-tion or act as an intermediary for

locating such information.22

Thesestate laws may be implicated byPHRs.

G. Stark and Fraud and AbuseThe federal Stark Law prohibitscertain referrals for DesignatedHealth Services (DHS) by a physi-cian to an entity with which he/shehas a financial relationship.23


ere has beenrecent activity to

expand the reachof HIPAA toencompass PHRs.


7/8

13OCTOBER 2008

In addition, the Anti-KickbackStatute prohibits remunerationin exchange for the referral ofa patient for services covered bya federal health program.24 Theviolation of these laws may providethe basis for a claim under thefederal False Claims Act.25 Statelaws may provide additional restric-tions and prohibitions.

Recently, a number of healthplans and systems have begunto offer PHRs to patients andproviders. Currently, the Starkexception and Anti-KickbackStatute safe harbor expresslyallow only for EHR and electronicprescribing to be donated. PHR

donation may not be protected.In addition to the practical

issues associated with the dona-tion and use of PHRs, new avenuesof identify ing fraud and abuseare being opened with discoveryinvolving PHRs. Federal investiga-tors and qui tamlitigators may turnto PHRs to prove treatment thatwas billed for may not have beenprovided. In addition, the compila-tion of information via Health 2.0raises the specter of data aggrega-tion to establish fraud over a large

population of patients.

IV. Conclusion

PHRs bring a new dimension tothe debate over how to create aninteroperable health informationnetwork. The shift of power intothe hands of patients could bringabout a sustainable model. Beforeproceeding with the expansion ofPHRs, the legal implications thatgo along with such an adoptionshould be addressed.

Bob Coffield is a member of F lahertySensabaugh & Bonasso PLLC inCharleston, WV. Bob is also a Co-Chairof the Privacy and Security Complianceand Enforcement Affinity Group, a partof AHLAs Health Information andTechnology Practice Group. He can bereached at [email protected]

Jud DeLoss is a principal with the lawfirm of Gray Plant Mooty in Minne-apolis, MN. Jud is also a Vice Chair ofthe AHLAs Health Information andTechnology Practice Group. He can bereached at [email protected].

* Mr. DeLoss thanks Bryan M. Seiler, aSummer Associate at the firm, for hisassistance in this art icle. Mr. Seiler is a

third year student at the University ofMinnesota Law School.

1 National Alliance for Health Informa-tion Technology, Defining Key HealthInformation Technology Terms, April2008, available atwww.hhs.gov/healthit/documents/m20080603/10.1_bell_viles/

testonly/index.html.2 Report and Recommendations From the

National Committee on Vital and HealthStatistics, Information for Health, AStrategy for Building the National HealthInformation Infrastructure, November15, 2001, available athttp://aspe.hhs.gov/sp/NHII/Documents/NHIIReport2001/

default.htm.3 ONC-Coordinated Federal Health

IT Strategic Plan: 2008-2012 (June 3,2008), available atwww.hhs.gov/healthit/resources/reports.html.

4 Health 2.0 Wiki, available athttp://health20.org/wiki/Main_Page.

5 California Healthcare Foundation, TheWisdom of Patients: Health Care MeetsOnline Social Media, Jane Sarasohn-Kahn, M.A., H.H.S.A., THINK-Health,April 2008, available atwww.chcf.org/

documents/chronicdisease/HealthCare-SocialMedia.pdf.

6 See, e.g., Patients Like Me (www.

patientslikeme.com/); TuDiabetes.com(http://tudiabetes.com/); Daily Strength(http://dailystrength.org/); SugarStats(www.sugarstats.com/); RevolutionHealth (www.revolutionhealth.com/).

7 See, e.g., Sermo (www.sermo.com/).8 See, e.g., Organized Wisdom (http://

organizedwisdom.com).

9 See, e.g., American Well (www.american-well.com).

10See, e.g., change:healthcare (http://company.changehealthcare.com/);Quicken Health (http://quickenhealth.

intuit.com/).11 Markle Foundation, Connecting

for Health, Connecting ConsumersCommon Framework for NetworkedPersonal Health Information, June 2008,available atwww.connectingforhealth.org/phti/.

12 John R. Chr istiansen, Why Health CareInformation Isnt Property And WhyThat Is to Everyones Benefit, American

Health Lawyers Association, HEALTH Law

DIGEST, 1999.

13 Oscar L. Alcantara and Adelle Waller,Ownership of Health Information in the Infor-

mation Age, originally published in Jounalof the AHIMA, March 30, 1998, availableatwww.goldbergkohn.com/news-publica-tions-57.html.

14See, e.g., 45 C.F.R 164.524.

15See, e.g., Nogowski v. Alemo-Hammad, 691A.2d 950, 956 (Pa. Super. Ct. 1997).

16See, e.g., Breeden v. Anesthesia West, P.C.,656 N.W.2d 913 (Neb. 2003) (nurseselectronic note on patient condition thatwould have prevented administration of

anesthesia should have been reviewedby anesthesiologist despite no verbal or

handwritten report by nurse).17See, e.g., Mahoney & Hagberg v. Newgard,

729 N.W.2d 302 (Minn. 2007).18See, e.g., Carl S. Kaplan, Celebrities Have

Trouble Protecting Their Names Online,CYBERLAW JOURNAL (July 30, 1999).

19See, e.g., Churchey v. Adolph Coors Co., 759P.2d 1336 (Colo. 1988). See also Restate-

ment (Second) of Torts 577, cmt. k(1977).

20See, e.g., Werner v. Kliewer, 710 P.2d 1250(Kan. 1985); Humphers v. First InterstateBank, 696 P.2d 527 (Ore. 1985). See alsoRestatement (Second) of Torts 652

(1977).21 For example, Google Health with Cleve-

land Clinic and Microsoft HealthVaultwith Mayo Clinic.

22See, e.g., MINN STAT. 144.291, subd. (i).23 42 U.S.C. 1395nn(a).24 42 U.S.C. 1320a-7b(b).25 31 U.S.C. 3729.

In addition to thepractical issues

associated with thedonation and use ofPHRs, new avenues

of identifyingfraud and abuse arebeing opened with

discovery involving

PHRs.


8/8

Copyright 2008 American Health Lawyers Association, Washington, D.C.Reprint permission granted.Further reprint requests should be directed toAmerican Health Lawyers Association1025 Connecticut Avenue, NW, Suite 600Washington, DC 20036(202) 833-1100For more information on Health Lawyers content, visit us atwww.healthlawyers.org
http://www.healthlawyers.org/http://www.healthlawyers.org/