Key Requirements for Community Health Information
Download
Report
Transcript Key Requirements for Community Health Information
NCVHS Secondary Data Uses Work Group
Hyattsville, MD
July 19, 2007
Health Record Banks Enable
Secondary Data Use with
Privacy Protection
William A. Yasnoff, MD, PhD, FACMI
CEO, Health Record Banking Alliance
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
© 2007
Health Record Banking Alliance
Virginia non-profit formed 6/06; first met 9/06
Purpose: promote the concept of health
record banks:
Consumer-controlled independent
repositories of health records
Broad participation, no formal membership
HIT vendors & organizations
Health record bank organizations
Consultants (HIT & health policy)
Privacy advocates
100+ on e-mail list
Monthly Meetings
Draft principles developed & posted on web
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
2
© 2007
1. Policies Needed to Achieve
Effective Secondary Data Use
Strong public support of secondary use
81% support use of electronic health
records for research [Markle
Foundation 9/05]
But public also wants control of their
information [Harris Interactive/WSJ 9/06]
64% of adults said they would like to
have access to an electronic medical
record (EMR) to capture medical
information
62% agree that "electronic medical
record use makes it more difficult to
ensure patient privacy.”
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
3
© 2007
1. Policies Needed for
Secondary Data Use (cont.)
Policies needed:
Individual right to medical privacy
Individual may own a complete
copy of all their medical records
Individual controls ALL use of their
medical information
Consent required for any use
– May be provided in advance
– May be granted for person,
organization, specific study, etc.
– Specific to single purpose only
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
4
© 2007
2. Adequacy of Privacy
Protection Under Current Law
HIPAA regulations are inadequate
Treatment, payment, operations
(TPO) exceptions seem reasonable
However TPO determination is
done by organization that has data
No disclosure, reporting, or
effective oversight
Not consistent with Fair Information
Practices (HHS, 1973)
No technical reason why individual
consent cannot be obtained
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
5
© 2007
3. Uses of Health Data with
Insufficient Protection
All uses have insufficient protection
because HIPAA is inadequate
No disclosure of specific uses
Individuals cannot opt out of use of their
information
Individuals cannot find out what their
information is used
Individuals cannot prevent their information
from being used against them
“De-identification” is virtually never
absolute -- data can usually be re-identified
Violates Hippocratic Oath
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
6
© 2007
4. Other NHIN-related health
information use issues
Requirements for Community Health
Information Infrastructure
Health Record Banking Model
Secondary Use Implications
Policy Recommendations
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
7
© 2007
Components of a
Community Health
Information Infrastructure
Stakeholder
cooperation
Complete
Electronic
Patient
Information
Financial
Sustainability
Public
Trust
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
8
© 2007
Complete
Electronic
Patient
Information
Most information is already electronic: Labs,
Medications, Images, Hospital Records
Outpatient records are mostly paper
Only 10-15% of physicians have EHRs
Business case for outpatient EHRs weak
For outpatient information to be electronic, need
financial incentives to ensure that physicians acquire
and use EHRs
Requirement #1: Financial incentives to create good
business case for outpatient EHRs
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
9
© 2007
Complete
Electronic
Patient
Information
Need single access point for electronic information
Option 1: Gather data when needed (scattered model)
Pro: 1) data stays in current location; 2) no
duplication of storage
Con: 1) all systems must be available for query
24/7/365; 2) each system incurs added costs of
queries (initial & ongoing); 3) slow response time;
4) searching not practical; 5) huge interoperability
challenge (entire U.S.); 6) records only complete if
every possible data source is operational
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
10
© 2007
Complete
Electronic
Patient
Information
Need single access point for electronic information
Option 2: Central repository
Pro: fast response time, no interoperability
between communities, easy searching, reliability
depends only on central system, security can be
controlled in one location, completeness of record
assured, low cost
Con: public trust challenging, duplicate storage
(but storage is inexpensive)
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
11
© 2007
Complete
Electronic
Patient
Information
Need single access point for electronic information
Requirement #2: Central repository for storage
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
12
© 2007
Stakeholder
cooperation
Voluntary
Impractical
Financial incentives
Where find $$$$$?
Mandates
New
Impractical
Existing
– HIPAA requires
information to be
provided on patient
request
Requirement #3: Patients
must request their own
information
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
13
© 2007
Financial
Sustainability
Funding options
Government
– Federal: unlikely
– State: unlikely
– Startup funds at best
Healthcare Stakeholders
– Paid for giving care
– New investments or transaction
costs difficult
Payers/Purchasers
– Skeptical about benefits
– Free rider/first mover effects
Consumers
– 72% support electronic records
– 52% willing to pay >=$5/month
Requirement #4: Solution must appeal to
consumers so they will pay
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
14
© 2007
A. Public Trust = Patient
Control of Information
Public
Trust
Requirement #5: Patients
must control all access to
their information
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
15
© 2007
Public
Trust
B. Trusted Institution
Via regulation (like banks)
impractical ??
Self-regulated
Community-owned non-profit
Board with all key stakeholders
Independent privacy oversight
Open & transparent
Requirement #6: Governing institution
must be self-regulating communityowned non-profit
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
16
© 2007
Public
Trust
C. Trustworthy Technical Architecture
Prevent large-scale information loss
Searchable database offline
Carefully screen all employees
Prevent inappropriate access to
individual records
State-of-the-art computer
security
Strong authentication
No searching capability
Secure operating system
Easier to secure central
repository: efforts focus on one
place
Requirement #7: Technical architecture
must prevent information loss and
misuse
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
17
© 2007
Health Record Banking Model
All information for a patient stored in Health
Record Bank (HRB) account
Patient (or designee) controls all access to
account information [copies of original
records held elsewhere]
Each HRB has three interfaces:
Withdrawal window - record access
Deposit window - receives new info
Search window - authorized requests
When care received, new records sent to
HRB for deposit in patient’s account
All data sources contribute at patient request
(per HIPAA)
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
18
© 2007
Health Record Banking
Encounter
data sent to
Health
Record Bank
Clinician’s Bank
Patient data
delivered to
Clinician
Secure
patient
health data
files
Optional
payment
Clinician EHR
System
YES
Encounter Data
Entered in EHR
Patient
Permission?
NO
DATA NOT
SENT
Health Record Bank
19
Clinical Encounter
Clinician
Inquiry
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
© 2007
Secondary Use Implications
20
Privacy is protected through consumer control
Each consumer customizes their own
privacy policy
Health record banks facilitate secondary use
Searches over populations easy
– Not necessary to release data
– Counts of matches with demographics
normally sufficient
– Eliminates issues of “de-identification”
and reuse
Can combine searches over multiple banks
Banks can notify individuals without
knowledge of searchers (e.g. for clinical trial
recruitment, drug withdrawal from market)
Banks collect fees to share with consumers
© 2007
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
Policy Recommendations (1 of 2)
1.
2.
Consumer has complete legal ownership and
control of health record bank information
No exceptions needed as copies of
information are elsewhere
Information protected from
–
Change in ownership
–
Failure of customer payment
–
Bankruptcy
Consent for single-purpose access only
No coerced consent
All holders of electronic medical information
required to provide it within 24 hours of
creation at no charge (on patient request)
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
21
© 2007
Policy Recommendations (2 of 2)
3.
4.
5.
Include health record banks as
covered entities under HIPAA
Cover personal health information
in all locations
Require independent privacy &
confidentiality audits of health
record banks
Certification of auditing entities
Public disclosure of audits
Require security procedures
sufficient to enforce privacy &
confidentiality policies
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
22
© 2007
Questions?
For more information:
www.healthbanking.org
www.yasnoff.com
William A. Yasnoff, MD, PhD, FACMI
[email protected]
703/527-5678
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
23
© 2007