BLOG on IT/IS in Healthcare & Life Sciences Joerg Schwarz on Healthcare [Health + Care]

Thursday Feb 12, 2009

As if we knew this would happen. It looks like the stimulus plan is on its merry way, with substantial funding for electronic medical records; not surprising given the administration's published Technology Agenda. Yesterday, Kurt did a great job outlining why the Obama stimulus plan has implications for health care privacy. Now, The Healthcare Blog reports in today's story "The stimulus pregame" about another privacy battle with the pharmaceutical industry:


"... Business interests want more ability to use health care data to market their products and identify people who can be treated more effectively, data mining for example. Privacy interests want tighter control of that data. Can a doctor or a hospital make money selling people's medical data? Could data ultimately be used to discriminate against people? Can drug companies pay doctors to send a letter to certain patients touting medications? Where does a system of information that could be used to alert patients to new treatments and used to track trends in health care effectiveness become at cross purposes with privacy?"

Is history repeating itself? The U.K. is a few years ahead of the U.S. in implementing a large, secure infrastructure for electronic medical records to improve patient safety and quality of care and to reduce both medical errors and health care cost: SPINE. In 2006, one person was falsely labeled as an alcoholic. After she tried unsuccessfully to get the erroneous entry corrected, a movement emerged that led more than 200,000 people to seek an opt-out from the health care database. The project is called "The big opt out". The activists are concerned about different aspects of privacy. One threat is insider abuse: since SPINE uses a national health record database with access by 100,000s of people (care providers) to 15 million medical records, privacy seems to be at risk. Another threat is, exactly as mentioned in "Stimulus pregame", use of records for advertising and data mining.

Wait a minute. Isn't that what Health 2.0 is all about? Aren't American consumers (supposed to be) willing to put their private health records into sites like Microsoft HealthVault or Google Health which, surprise, surprise, are funded by advertising? And who might those advertisers be? PBS?


From the Microsoft Privacy website:

Uses of Information

Additional Details

We use the information we collect to provide the services you request. Our services may include the display of personalized content and advertising.



If American consumers are willing to risk their privacy by using uncontrolled PHR sites, maybe we don't have to worry about privacy concerns in the U.S.? Well, if you ask me, I'd rather have a government-controlled (HIPAA), secure infrastructure handling my health information than Microsoft HealthVault, where I know their motivation to take care of my health data is using it for all kinds of advertising.

Besides, nobody in the U.S. is really planning a national repository: recent RHIO implementations and the NHIN framework all create ad-hoc health summary reports that leave data in the custody of the responsible custodians.

Why the privacy discussion is important in the context of the stimulus plan

I do think that research data we have from e-Commerce supports the hypothesis that maintaining privacy is critical to earn and keep the trust of the American public, and hence critical for the success of the EMR initiative put forward in the stimulus plan.

The logical connection is this:

1. The Obama administration links investment in health care IT to future cost savings (as expressed in the Technology Agenda). We know we need to reduce health care spending, so it makes sense to consider the necessary infrastructure investment as part of economic stimulus, as it will most certainly create jobs.

2. In order to achieve cost savings from electronic medical records, a nationwide, interoperable exchange system for electronic medical records needs to be created (compare Walker et al., Health Affairs 2005). Such an exchange would link millions of records and make them available to hundreds of thousands of care providers. Whether this should happen primarily at the local, regional or state level is open to discussion, but ultimately we want our health records to be available for ski accidents in Utah and stingray accidents in Florida.

3. For e-Health and e-Commerce alike, trust is an important antecedent or precondition. In order to gain and keep the trust of the public, so they accept and support nationwide sharing of electronic medical records, sensitive health information absolutely needs to be kept safe from unauthorized and undesired use.

4. Therefore, the same bill that includes investments in electronic medical records also contains provisions to tighten HIPAA controls on data privacy. Providers like Google or Microsoft or most of the other Health 2.0 crowd are NOT covered by HIPAA, so it's questionable how any of these provisions will apply to them.

Summary

It's a good thing the Obama administration reads literature about the importance of privacy protection for the acceptance of electronic health records (EHR) (at least it seems so). Not only does the current stimulus plan include funding for the promotion of EHR, it also comes with very strong incentives to keep data private. This will be, based on studies conducted in the e-Commerce space, important for acceptance.

The current discussion about privacy risks caused by pharmaceutical advertising in electronic health record networks helps to highlight the difference between privacy regulation in HIPAA-controlled institutions and the uncontrolled Health 2.0 space, which is already very dependent on advertising.

Comments:

Privacy is definitely a huge issue, one that will require stringent regulation by government. There is no doubt about the benefits of sharing healthcare information to improve patient care and streamline settlement. However, as you've mentioned, there are many other parties with interests that may or may not benefit the consumer. While information security is a big concern, regulations protecting consumers are far more important. Most consumers willingly surrender or grant access to personal information without due diligence, trusting in the entities, private or public, to do the right thing. Current regulations do little to protect them.

The financial and telecommunications industries are good examples where regulation has evolved after-the-fact. Laws preventing telemarketing calls, fax spam, slamming, etc., were passed after the problems became serious. Exchange of financial info thru credit bureaus raised many issues resolved by laws giving consumers rights to access personal information and dispute inaccuracies, as well as opt out of marketing.

The consequences of unregulated exchange of healthcare information can easily lead to discrimination of patients with respect to care and coverage, and affect their rights in other unrelated areas. It would have a far more serious impact than use for marketing purposes. For example, derived information, such as a health score, could be traded to determine auto insurance, employment, etc. Of course, the most obvious use (most feel that it's abuse) is for marketing purposes, but I believe that this is the least of our concerns.

It's important that these gaps are addressed before the fact rather than after, either thru passage of new laws, or thru the applicability of current laws in other fields. Without a clear understanding and agreement by stakeholders on these issues, the industry will most likely violate consumer trust. And since government is responsible for protecting consumers, it has a leadership role to play in preserving that trust.

Posted by Sunil Sud on February 22, 2009 at 10:01 AM PST #
