230 likes | 368 Views
William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance. NCVHS Secondary Data Uses Work Group Hyattsville, MD July 19, 2007. Health Record Banks Enable Secondary Data Use with Privacy Protection. © 2007. Health Record Banking Alliance.
E N D
William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance NCVHS Secondary Data Uses Work Group Hyattsville, MD July 19, 2007 Health Record Banks Enable Secondary Data Use with Privacy Protection © 2007
Health Record Banking Alliance • Virginia non-profit formed 6/06; first met 9/06 • Purpose: promote the concept of health record banks: • Consumer-controlled independent repositories of health records • Broad participation, no formal membership • HIT vendors & organizations • Health record bank organizations • Consultants (HIT & health policy) • Privacy advocates • 100+ on e-mail list • Monthly Meetings • Draft principles developed & posted on web
1. Policies Needed to Achieve Effective Secondary Data Use • Strong public support of secondary use • 81% support use of electronic health records for research [Markle Foundation 9/05] • But public also wants control of their information [Harris Interactive/WSJ 9/06] • 64% of adults said they would like to have access to an electronic medical record (EMR) to capture medical information • 62% agree that "electronic medical record use makes it more difficult to ensure patient privacy.”
1. Policies Needed for Secondary Data Use (cont.) • Policies needed: • Individual right to medical privacy • Individual may own a complete copy of all their medical records • Individual controls ALL use of their medical information • Consent required for any use • May be provided in advance • May be granted for person, organization, specific study, etc. • Specific to single purpose only
2. Adequacy of Privacy Protection Under Current Law • HIPAA regulations are inadequate • Treatment, payment, operations (TPO) exceptions seem reasonable • However TPO determination is done by organization that has data • No disclosure, reporting, or effective oversight • Not consistent with Fair Information Practices (HHS, 1973) • No technical reason why individual consent cannot be obtained
3. Uses of Health Data with Insufficient Protection • All uses have insufficient protection because HIPAA is inadequate • No disclosure of specific uses • Individuals cannot opt out of use of their information • Individuals cannot find out what their information is used • Individuals cannot prevent their information from being used against them • “De-identification” is virtually never absolute -- data can usually be re-identified • Violates Hippocratic Oath
4. Other NHIN-related health information use issues • Requirements for Community Health Information Infrastructure • Health Record Banking Model • Secondary Use Implications • Policy Recommendations
Complete Electronic Patient Information Stakeholder cooperation Financial Sustainability Public Trust Components of a Community Health Information Infrastructure
Most information is already electronic: Labs, Medications, Images, Hospital Records Outpatient records are mostly paper Only 10-15% of physicians have EHRs Business case for outpatient EHRs weak For outpatient information to be electronic, need financial incentives to ensure that physicians acquire and use EHRs Requirement #1: Financial incentives to create good business case for outpatient EHRs Complete Electronic Patient Information
Need single access point for electronic information Option 1: Gather data when needed (scattered model) Pro: 1) data stays in current location; 2) no duplication of storage Con: 1) all systems must be available for query 24/7/365; 2) each system incurs added costs of queries (initial & ongoing); 3) slow response time; 4) searching not practical; 5) huge interoperability challenge (entire U.S.); 6) records only complete if every possible data source is operational Complete Electronic Patient Information
Need single access point for electronic information Option 2: Central repository Pro: fast response time, no interoperability between communities, easy searching, reliability depends only on central system, security can be controlled in one location, completeness of record assured, low cost Con: public trust challenging, duplicate storage (but storage is inexpensive) Complete Electronic Patient Information
Need single access point for electronic information Requirement #2: Central repository for storage Complete Electronic Patient Information
Stakeholder cooperation • Voluntary Impractical • Financial incentives • Where find $$$$$? • Mandates • New Impractical • Existing • HIPAA requires information to be provided on patient request • Requirement #3: Patients must request their own information
Financial Sustainability • Funding options • Government • Federal: unlikely • State: unlikely • Startup funds at best • Healthcare Stakeholders • Paid for giving care • New investments or transaction costs difficult • Payers/Purchasers • Skeptical about benefits • Free rider/first mover effects • Consumers • 72% support electronic records • 52% willing to pay >=$5/month • Requirement #4: Solution must appeal to consumers so they will pay
Public Trust • Public Trust = Patient Control of Information • Requirement #5: Patients must control all access to their information
Public Trust • Trusted Institution • Via regulation (like banks) impractical ?? • Self-regulated • Community-owned non-profit • Board with all key stakeholders • Independent privacy oversight • Open & transparent • Requirement #6: Governing institution must be self-regulating community-owned non-profit
Public Trust • Trustworthy Technical Architecture • Prevent large-scale information loss • Searchable database offline • Carefully screen all employees • Prevent inappropriate access to individual records • State-of-the-art computer security • Strong authentication • No searching capability • Secure operating system • Easier to secure central repository: efforts focus on one place • Requirement #7: Technical architecture must prevent information loss and misuse
Health Record Banking Model • All information for a patient stored in Health Record Bank (HRB) account • Patient (or designee) controls all access to account information [copies of original records held elsewhere] • Each HRB has three interfaces: • Withdrawal window - record access • Deposit window - receives new info • Search window - authorized requests • When care received, new records sent to HRB for deposit in patient’s account • All data sources contribute at patient request (per HIPAA)
Encounter data sent to Health Record Bank Patient data delivered to Clinician Clinician’s Bank DATA NOT SENT Secure patient health data files Optional payment Clinician EHR System Encounter Data Entered in EHR YES Patient Permission? NO Health Record Bank Clinician Inquiry Clinical Encounter Health Record Banking
Secondary Use Implications • Privacy is protected through consumer control • Each consumer customizes their own privacy policy • Health record banks facilitate secondary use • Searches over populations easy • Not necessary to release data • Counts of matches with demographics normally sufficient • Eliminates issues of “de-identification” and reuse • Can combine searches over multiple banks • Banks can notify individuals without knowledge of searchers (e.g. for clinical trial recruitment, drug withdrawal from market) • Banks collect fees to share with consumers
Policy Recommendations (1 of 2) • Consumer has complete legal ownership and control of health record bank information • No exceptions needed as copies of information are elsewhere • Information protected from • Change in ownership • Failure of customer payment • Bankruptcy • Consent for single-purpose access only • No coerced consent • All holders of electronic medical information required to provide it within 24 hours of creation at no charge (on patient request)
Policy Recommendations (2 of 2) • Include health record banks as covered entities under HIPAA • Cover personal health information in all locations • Require independent privacy & confidentiality audits of health record banks • Certification of auditing entities • Public disclosure of audits • Require security procedures sufficient to enforce privacy & confidentiality policies
Questions? For more information: www.healthbanking.org www.yasnoff.com William A. Yasnoff, MD, PhD, FACMI william.yasnoff@healthbanking.org 703/527-5678