290 likes | 406 Views
Google, Microsoft, and the Future of Medical Information. MLG 2008.04.28. Where is Your Medical Information?. Where is Your Medical Information?. Your general practitioner’s office The specialist your GP referred you to Your insurance company Your old pediatrician’s office Your dentist
E N D
Google, Microsoft, and the Future of Medical Information MLG 2008.04.28
Where is Your Medical Information? • Your general practitioner’s office • The specialist your GP referred you to • Your insurance company • Your old pediatrician’s office • Your dentist • Your high school • The hospital where you went to the ER • Your pharmacy • Your parent’s filing cabinet • Your own memory • Your medical alert band • Etcetera!
Problems • Difficulty in accessing medical information in a timely fashion can lead to • Incorrect diagnoses • Inappropriate drugs & treatment • Redundant testing: costly and sometimes dangerous (e.g. X-rays) • Information may be hard to access even within a single hospital! • Central data base • Doctors’ handwritten notes • Printed reports used by staff
Consequence • 2/3 of hospitals rely on paper records • 9/10 doctors rely on paper records • Institute of Medicine: • 1 million preventable medication injuries annually • 100,000 deaths per year • Dartmouth Health Atlas: • More than $10 billion a year in unnecessary tests for Medicare patients alone
Fixing the Problem • Hospitals, insurance companies, and doctors’ practices are scrambling to install more flexible, integrated systems • Massive costs • Rarely achieves integration across institutions • Does not capture informal medical information: what you know about your own health and lifestyle • Is there an alternative?
Google & Microsoft • Google and Microsoft are both pursuing the vision of becoming trusted health information holders • One place to keep copies of all of a patient’s information • Instant online access • Provide off-site storage and backup • Employ a modern data management architecture • Provide value during incremental deployment
Tectonic Shifts in the Health Information Economy • Kenneth D. Mandl, and Isaac S. Kohane, New England Journal of Medicine, 358;16, pg. 1732, April 17, 2008 • Buzzword: Personally Controlled Health Records (PCHR) • Scenarios: • Information integration • Research participation • Privacy (HIPAA) issues
Scenario: Information Access • Susan has inflammatory bowel disease. She is treated at a gastroenterology practice and has had an inpatient admission at one hospital, a visit to an emergency department at another hospital, and test results at a laboratory. • She logs into her hosted PCHR at a secure Web site. Since she has established subscriptions to automatic updates from each of these clinical entities, her PCHR is current with copies of those data. • The PCHR enables the patient to authorize access to information (views or even copies of the record) to others, including clinical providers, family members, health care proxies, and researchers, and to intelligent software agents suchas a disease-management tool.
Scenario: Research Participation • Through her PCHR interface, Susan signs up for notification of open research studies on inflammatory bowel disease. • Her eligibility is determined by a combination of her demographic characteristics, responses to a brief survey, and the clinical contents of her PCHR (e.g., diagnoses and medications). Five study matches are returned, and she chooses to participate in two. • The first match is a randomized clinical trial of a medication with local enrollment at the hospital where she visited the emergency department. She makes an appointment and enrolls in person. • The second study is a non-interventional prospective cohort study from an academic medical center located on the opposite coast. There is a small financial incentive to participate. • The patient enrolls in this study with an online consent, agreeing to make select contents of records available to study investigators on an ongoing basis and to answer monthly online questionnaires.
Key Idea: Patient Owns Her Data! • Today: sending information between healthcare organizations require complex agreements between them: • Data formats • Maintaining privacy • Cost sharing • PHRC model: Patient claims data at each organization, authorizes subscriptions through her PHRC
Google Health Video • Eric Schmidt on YouTube: • http://www.youtube.com/watch?v=dTZKNcx9sBA • Healthcare Information and Management Systems Society Annual Conference in Orlando, on February 28, 2008.
Health Insurance Portability and Accountability Act (HIPAA) Who must follow this law? Doctors, nurses, pharmacies, hospitals, clinics, nursing homes Health insurance companies, HMOs, employer group health plans Medicare and Medicaid What information is protected? Information your doctors, nurses, and other health care providers put in your medical record Conversations your doctor has about your care or treatment with nurses and others Information about you in your health insurer’s computer system Billing information about you at your clinic
HIPAA • Your information can be used and shared • For your treatment and care coordination • To pay doctors and hospitals for your health care • With your family, relatives, friends or others you identify • To make required reports to the police • Your health information cannot be used or shared without your written permission unless this law allows it!
HIPAA Implications for Research • Includes strict rules on how data can be used in research in order to protect subjects’ privacy • Huge $$$$ penalties for violation • E.g.: Definition of a “de-identified data set”
HIPAA De-identified Data • Data must be stripped of… • Names • Geographic subdivisions smaller than a state (i.e., no city, no zip code), except for the initial three digits of the zip code if, according to the current publicly available data from the Bureau of the Census, the geographic unit contains more than 20,000 people • Any date (except year; i.e., no month or day of month) • For subjects older than 89 years of age, specific age may not be mentioned • Telephone number • Fax number • E-mail address • Social security number • Medical record number • Health plan beneficiary number • Any other account numbers • Certificate or license numbers • Vehicle identification number • Medical device identification or serial number • Personal website URL • Internet protocol (IP) address • Fingerprint, voiceprint, or other biometric identifiers • Full-face photographic images • Any other unique identifying number, characteristic, or code
Access to De-Identified Data • “To gain access to de-identified information, the investigator should complete the De-Identified Data form and submit it to the IRB Office (of their university). The request will be reviewed and the investigator will receive a statement from the IRB office that can be given to the ‘covered entities’ that are holding the needed protected health information.”
HIPAA and PHRCs • HIPAA does not apply to PHRCs, because they are not defined as healthcare or insurance organizations! • Bills have been introduced in Congress each year since 2006 to regulate PHRCs, but have never been enacted • Discuss Pro/Con: Should HIPAA apply to PHRCs?
How Perfect is HIPAA? • Critics of PHRCs say that encourage / force users to “opt out” of HIPAA protections • But… • Do patients really have the option to refuse to give information to e.g. insurance companies? • Consider case of person getting a physical exam covered by insurance that uncovers a medical condition that may require expensive treatment in several years • Does HIPAA always protect the privacy of subjects?
No Place to Hide — Reverse Identification of Patients from Published MapsNEJM, Oct 19, 2006