Comments on Life as a Healthcare CIO: Consumer Preferences and the Consumer NHIN

I agree with John O on EMRs and PHRs needing to ex...

2009-11-02T08:32:18.657-08:00

I agree with John O on EMRs and PHRs needing to exchange data real time. However, the question is how would this be done, ideally? Right now, it seems that the approach is building point to point connections from a health system to Google Health or Health Vault. A slight improvement is that the EMR would build this link but that is still point to point. There should be something that sits in the middle and if you send medical records to it, they can be routed to a PHR of your choice. And I don't think that the NHIN will be this delivery mechanism (any time soon) although PHRs are being discussed in this fashion. I don't think the NHIN will be this mechanism because of the requirements to get on it (RHIOs talking to RHIOs). If it was provider talking to provider, then maybe.

Google Health (and other PHRs) have so much potential, but who actually uses them? Only a handful of health systems have coded the point to point bridge to talk to Google Health (or other PHRs). As John mentioned, there is a missing middle piece here. And I know this comment will have many that disagree, but again, I don't think the NHIN is going to be that piece any time soon.

Go easy on me guys, I am not trying to start a "religion and politics" war but I did want to share my honest thoughts.

This thread has made me think more about how consu...

2009-10-31T13:41:27.818-07:00

This thread has made me think more about how consumers interact with the NHIN and the notion that the PHR becomes a central point of clinical data aggregation. I tend to agree with the dialog here around consumers and their participation in this process. I believe consumers are the owners of their personal health information. I believe healthcare organizations that provide services for patients are entitled to a "copy" of the data, but are not the "owners" of that data. They can use the data for quality measure, research, general patient profiling, and care purposes, but the patient owns that data at the end of the day.

I think the thing that has changed the ballgame is the release of Personal Health Records. I believe solutions like DOSSIA, MS HealthVault, and GoogleHealth will take off in popularity once a critical piece of the exhange puzzle is solved. The piece missing is the real-time exchange between EMR systems and PHRs. There is limited success today in this space, but I'd like to see a mandate for all EMR systems to send a copy of the data around services performed to the patient's PHR (assuming the patient has an account) so the patient does indeed house and keep the aggregate of their data.

Similarly, and pulling the PCMH concept into the mix, the patient's Primary Care Physician should also get a copy of the data so they have an aggregate view of the patients they manage. If the PCP is truly expected to manage their patients then they need access to all the data.

Let me ask a question because I'm curious to know what this group thinks...

The question has to do with concerns around sharing mental health and other sensitive information. I'd like to use Steve's diabetes example. Let's say bipolar disorder is part of the patient's FP note. Why is it a good idea to suppress that data when the patient visits a specialist or other healthcare provider? Isn't the entire patient story important for caregivers to know and understand? I'm not on Symbyax, although my wife may argue that I should be, nor do I have a mental health disorder (none that I'm aware of anyway), but if that's part of my health record then isn't that information important for others to know as I'm being treated elsewhere?

I get the overall notion here that people do not want the world to know their business, but there seems to be a fine line between "hiding" information and protecting patients from misuse of data.

I work in the healthcare IT field and have for several years. I get the feeling that patients are allowed to "hide" information very easily which only makes it tougher for caregivers to provider optimal care. I'd like to know if others feel the same or feel differently and why?

Again, I enjoy reading what others think on topics related to HIE so I appreciate the feedback...

I like David's suggestion of the PHR being the poi...

2009-10-25T06:48:52.063-07:00

I like David's suggestion of the PHR being the point of patient-centered data aggregation. I hear John's point about chopping up the record into three basic consent categories (mental health, HIV, and the rest), but this is not so simple to do.

How do you handle the family practice diabetes management note that includes a mention of bipolar disorder and the fact that the patient is on Symbyax?

Also, what about legal requirements to release only the information necessary? Is there a standard for consent-based or conditional redaction?

These are complex but solvable challenges.

A distributed, XML-encoded (XACML?) consumer-contr...

2009-10-21T14:48:24.721-07:00

A distributed, XML-encoded (XACML?) consumer-controlled consent model is the "holy grail" that we seek, but I fear that this is far too complex for the short run, and may in fact be unnecesary.

A much simpler solution would be to aggregate patient data ONLY at the consumer's chosen PHR (accessed via the NHIN.) The consumer can then manage his or her data consent policy via a simple (?) user interface provided by the chosen PHR, just like you can manage access to your photographs at Smugmug or Picasa or Flickr.

Provider-to-provider messaging, via the local HIE or via the NHIN or via vendor-to-vendor gateways would continue to operate under existing consent-for-care policies as mandated by HIPAA.

I'll fo out on a limb and suggest that there is no real need to aggregate patient data in a local HIE other than for mandated public health and quality reporting needs -- uses that are outside of patient consent management anyway.

All other PHI aggregation should occur only at the patient's chosen PHR, where consent is easy(er) to manage.

David McCallie, MD

As usual John, thoughtful post oa critical tech po...

2009-10-21T10:53:13.009-07:00

As usual John, thoughtful post oa critical tech policy issue, consumer preferences.

While I understand the desire to apply the KISS principle to consumer preferences, believe that allowing a simple construct wih options such as full opt-in, partial opt-in etc and ltd choices therein is required to insure that consumer preferences are truly reflected, shared and preserved.

In my own review of the Consumer Preferences Draft, http://chilmarkresearch.com/2009/10/15/consumer-preferences-sharing-phi/ one of the biggest failings is lack of addressing the extension of consumer preferences beyond the first clinical stakeholder. This creates a loophole a mile-wide.

And as Chris rightly states, at the end of the day, PHI does not belong to any hospital, IDN, physician etc., it is the consumer's.

Great post John.(and John and Keith) From a overt...

2009-10-19T19:05:36.381-07:00

Great post John.(and John and Keith)

From a overtly technical standpoint, the notion of expressing and transmitting a consent is very doable.

However, conspicuously absent from the discussion of consumer preferences is the the ownership rights of the legal owner of the data.

My professional experiences in the practicalities of consumer determinism is the notion that they explicitly have the legal right to the ownership of the data, not simply access to their information. In many states - I'll use Virginia as an example - physicians and providers physically own the record but patients have a right to request reasonable access to the information contained in the record. Further, the physical record has tangible value to the physician's practice where it considered an asset, further reinforcing the legal tenant of ownership.

Ipso facto, as a consumer, what preferential rights can I assert to a record that I don't own? (further, that the provider can legal disregard or over-ride).

A national policy will carry us but so far considering the myriad of state laws that address, partially address or do not address these complex issues. The uniformity of application is crucial to moving data across jurisdictions.

I could type all day on this, but I'll stop here.

Now the tiny type: the opinions expressed here are my own, not of that of my employer or clients.

I found Jamie's post interesting enough to comment...

2009-10-19T10:22:28.476-07:00

I found Jamie's post interesting enough to comment on here: Making it Possible for Doctors to Trust your Electronic Health Data

I very much agree with your points on needing cons...

2009-10-19T06:11:41.430-07:00

I very much agree with your points on needing consent in order to engender patient trust. I like your approach for starting simple. I would point out that what HITSP has already selected in TP30 meets every requirement you have.

I am concerned with understanding your last requirement for XML format. The TP30 solution does encode the consumer consent as a CDA document, which is XML. It also optionally supports a scanned image of a wet-signature for those regions that need it. But I am not sure if this is what you are referring to. Given that you have asserted that initially we need only a singular policy for OPT-IN (or more likely a small number), why does a binary decision need to be encoded in XML?

The underlying IHE-BPPC profile was designed to fill the gap in privacy-policy encoding standards, while emulating and encapsulating what is done with paper today.

I would like us to understand TP30 well enough that we can start implementing it as you describe. Implementing TP30 does NOT mean we don't continue to develop privacy-policy XML schema and vocabulary.