Health Data Flows: Where PETs Can Help
PORTIA Workshop on Sensitive Data
July 8, 2004
Anna Slomovic, PhD
Electronic Privacy Information Center

EHRs Promise Great Things
• Improve quality of care
• Reduce duplication
• Reduce medical errors
• Provide the right care at the right time and place
• Increase access to care
• Reduce administrative burden
• Improve research and public health
Implication: broader and more frequent access to PHI

EHRs Create New Privacy Concerns for Patients
• Reduced ability to shield sensitive information
• Inability to “leave the past behind”
• Inability to refuse participation in certain activities, e.g., research?
• Linking between health information and other information, e.g., welfare
To maximize patient privacy, the best EHR is highly fragmented with fragments under patient control

EHRs Create New Privacy Concerns for Physicians
• Reduced autonomy in the practice of medicine
• Tracking of utilization and compliance with care guidelines
• “Pay for performance”
• Reduced ability to provide autonomy to patients
To maximize physician privacy, the best EHR allows physicians role-based access

Outline
• Privacy concerns raised by EHRs
• The current data flows
• How PETs can help

Existing Regulations Permit Data Flows Without Patient Consent
• Treatment
• Payment
• Health care operations
• Public health
• “Required by law”
• Health system oversight
• Reporting victims of abuse and neglect
• Law enforcement, judicial and administrative proceedings, specialized government functions
• Research (with some restrictions)
Permitted disclosures without patient consent number in the dozens

Patients May Not Know What the Terms of “Notice” Mean
• Health Care Operations
  • Legal, accounting, auditing services
  • General administration
• Also Health Care Operations
  • Outcomes evaluation and guidelines development
  • Accreditation of professionals
  • Training of health care and non-health care workers
  • Fundraising for the health care entity
  • Data analysis for plan sponsors or customers
  • Detection of “fraud, waste and abuse”

Who Performs “Health Care Operations”?
• Consultants
• Lawyers
• Accountants
• Medical transcription companies
• Software development and maintenance contractors
• Medical equipment manufacturers and service companies
• Pharmacy benefits managers
• Document scanning or data input companies
• Offsite records storage companies
• Document destruction companies
• Credentialing organizations
• Accreditation agencies
• Licensing agencies
• Medical schools
• Training companies
• Banks
• External fundraising agents
• Collection agencies
Secondary users not regulated by HHS

“Consumers who examine the audit trails of access to their data may be surprised by how many different people and entities access their data. These are not security violations, but routine clinical and business uses of identified clinical data. … [C]onsumers will have to be educated about the realities of how their personal health information is used.”

“[T]he very benefit of regional information exchange arises from physician adoption, and if physicians are reticent to participate in something that might be used against them (or simply fear that it could be used against them), then this benefit of physician practice evaluation may have to be foregone for the foreseeable future.”

D. J. Brailer et al., Moving Toward Electronic Health Information Exchange: Interim Report on the Santa Barbara County Data Exchange, prepared for the California HealthCare Foundation, July 2003

Outline
• Privacy concerns raised by EHRs
• The current data flows
• How PETs can help

We Need to Return to Basic Questions
• Should all health care providers have access to all PHI?
• Should secondary users have access to PHI without patient or physician consent?
• How can EHR systems be built to provide greater control to patients and physicians?

PETs As Part of the Answer
• Fully identified records provided only for those who need identity to do the job
  • Pseudonymity (protecting patients from curiosity, e.g., in labs or pharmacies)
  • Group signatures (protecting physician identity in patient interactions; protecting patient identity in some interactions)
• Complete records only when needed
  • Secret sharing (record fragmented until necessary, e.g., in emergency, with patient consent)
  • Selective disclosure (disclosing medications without disclosing diagnosis or physician name)

PETs As Part of the Answer, Cont’d
• Secondary users work with de-identified information
  • Private information retrieval (looking for types of cases without disclosing links between identity and case)
    • Research
    • Disease and bioterrorism surveillance
    • Clinical guidelines development and improvement
  • Privacy-preserving datamining (looking for patterns without sharing information)
    • Research
    • Quality of care analysis
    • Fraud detection

System Can Be Built With More Control for Data Subjects
• Menu of pre-set choices in EHR
• Who and when can access records without further consent
• Contact information to obtain consent outside pre-set parameters
• “Expiration” of one-time past episodes of care

“Most interviewees were willing to allow the use of their information for research purposes, although the majority preferred that consent was sought first. The seeking of consent was considered an important element of respect for the individual. Most interviewees made little distinction between identifiable and anonymised data.”

Willison, Donald J; Keshavjee, et al., “Patients' consent preferences for research uses of information in electronic medical records: Interview and survey data,” British Medical Journal (International Edition), February 15, 2003.