Ways to put the patient first when collecting health data

by Andrew Oram

This was originally published on O’Reilly Media’s Strata blog, June 10, 2013.

The timing was superb for last week’s Health Privacy Summit, held on June 5 and 6 in Washington, DC. First, it immediately followed the 2000-strong Health Data Forum (Health Datapalooza), where concern for patients’ rights came up repeatedly. Secondly, scandals about US government spying were breaking out and providing a good backdrop for talking about protecting our most sensitive personal information—our health data.

The health privacy summit, now in its third year, provides a crucial spotlight on the worries patients and their doctors have about their data. Did you know that two out of three doctors (and probably more—this statistic cites just the ones who admit to it on a survey) have left data out of a patient’s record upon the patient’s request? I have found that the summit reveals the most sophisticated and realistic assessment of data protection in health care available, which is why I look forward to it each year. (I’m also on the planning committee for the summit.) For instance, it took a harder look than most observers at how health care would be affected by patient access to data, and the practice of sharing selected subsets of data, called segmentation.

What effect would patient access have?

An odd perceptual discontinuity exists around patient access to health records. If you go to your doctor and ask to see your records, chances are you will be turned down outright or forced to go through expensive and frustrating magical passes. One wouldn’t know that HIPAA explicitly required doctors long ago to give patients their data, or that the most recent meaningful use rules from the Department of Health and Human Services require doctors to let patients view, download, and transmit their information within four business days of its addition to the record.

At both the Datapalooza and the privacy summit, patient access was not universally acclaimed but considered a minimum requirement for improving health care. It allows the patient to find critical errors, simplifies the sharing with other doctors who are treating the patient, and helps the patient comply with medical advice. Old complaints that patients don’t care or might not understand the contents of the record no longer hold water. Law professor Barbara Evans pointed out that, "To police privacy, you have to know what’s in your records." In fact, four days is seen as unreasonably long to withhold information, given how quickly medical conditions can become dangerous.

Read access is one thing, but write access raises its own concerns—actually, the same old concerns with a new urgency. Doctors worry that they cannot trust data from patients, and might be held liable for decisions they make based on wrong data. The question of provenance thus requires electronic records to contain fields that indicate the source of data.

Write access by patients cannot be a matter for compromise. Fitness devices and other medical advances are opening up huge new sources of data that can save lives. For instance, one can wear a device that monitors one’s heart rate or blood pressure and sends information to the medical record at regular intervals. There are probably encryption and signing techniques that can assure doctors the patient has not falsified results. The bottleneck to deploying these technologies is the medical record itself, which is rarely set up to accept such data. The doctor must also learn how to use it.
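The provenance fields and signing idea from the two paragraphs above can be sketched as follows. This is an added example, not code from the summit or from any record system; the device ID, key, and field names are constructed, and a shared-key HMAC stands in for whatever signing scheme a real device would use.

```python
import hashlib
import hmac
import json

# Constructed per-device key shared at enrollment (assumption). A production
# design would use an asymmetric key held in tamper-resistant device hardware.
DEVICE_KEYS = {"hr-monitor-001": b"constructed-demo-key"}


def canonical(body: dict) -> bytes:
    """Serialize deterministically so both sides MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(device_id: str, reading: dict) -> dict:
    """Device side: attach source fields and a MAC to a measurement."""
    body = {**reading, "source": "device", "device_id": device_id}
    mac = hmac.new(DEVICE_KEYS[device_id], canonical(body), hashlib.sha256)
    return {"body": body, "mac": mac.hexdigest()}


def accept_into_record(envelope: dict, record: list) -> bool:
    """Record side: store a reading only if its MAC verifies."""
    body = envelope.get("body", {})
    key = DEVICE_KEYS.get(body.get("device_id"))
    if key is None:
        return False  # unknown device, so the source cannot be established
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    supplied = str(envelope.get("mac", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False  # changed after the device produced it
    record.append({**body, "verified": True})
    return True


def demo() -> tuple:
    """Constructed run: one genuine reading, one edited in transit."""
    record = []
    genuine = sign_reading("hr-monitor-001",
                           {"metric": "heart_rate", "bpm": 112, "ts": "2013-06-05T09:00:00Z"})
    edited = {"body": {**genuine["body"], "bpm": 70}, "mac": genuine["mac"]}
    return accept_into_record(genuine, record), accept_into_record(edited, record), record


if __name__ == "__main__":
    print(demo())
```

The MAC shows only that a reading was not altered after the device produced it, and only as long as the key cannot be extracted from the device; it says nothing about who was wearing the device.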

A still higher stage of patient control would take the records away from the doctors altogether and store them with the patient. This is eminently logical—why should you have to go to a dozen different providers to gather a few years’ worth of records? Separate health information exchanges—organizations that charge doctors for exchanging data and, even so, have trouble surviving financially—would evolve into more useful services. Patient control over records would also give patients some control over the dizzying array of places their data goes, often without their consent.

Skeptical doctors point out how little interest their patients (especially the ones who need to show the most interest) take in their health. Moving data to patients will start among a small, educated cohort, but could be widespread if the medical field seriously promoted it, and if a cloud solution like Microsoft HealthVault made it easy.

Cloud computing was discussed at the summit. As with most aspects of health care, panelists insisted on more transparency there, such as knowing what company runs the underlying storage network, but their general view seemed positive.

Segmentation—still a lot of mire

Ideally, a health provider dealing with a broken bone or a cut would not be prejudiced to learn of your sexual orientation, mental health, or drug habits. But in many places, patients have to protect themselves. They also may choose to participate in research studies without releasing certain sensitive information.

Therefore, one of the phantoms being chased by privacy advocates is data segmentation, the ability of a patient to share data with certain people while withholding it from others. Segmentation even made it into a major report by the President’s Council of Advisors on Science and Technology on health data.

Scads of problems are raised by segmentation, not so much technical as procedural, with some policy thrown in.

For instance, patients have trouble telling what might reveal a condition they want hidden. If an HIV patient reveals the list of medications he’s taking, a knowledgeable outsider can easily tell he’s HIV-positive. Even a note in the record that a patient is sensitive to some medication can reveal the condition that makes him sensitive. Free text, which is a large part of medical records, is difficult to handle in segmentation.

Although we don’t seem to have corralled this beast yet, many advances were described at the summit. Pilot systems can tag data with the patient’s preferences. When requests for data come in, these systems hide any data that the patient has restricted and that the requester is not supposed to see. One such system analyzes the record to remove all information that could inadvertently reveal the hidden diagnosis. When there’s a sensitive condition, the system usually omits all free text.
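The filtering behavior described above, as an added sketch that is not the code of any pilot system presented at the summit. The category names, codes, requester names, and the mapping of revealing items are all constructed; it assumes free text is withheld whenever a sensitive category is being hidden from the requester.

```python
# Constructed map from sensitive category to the entries that reveal it
# (assumption: a real system would derive this from clinical terminologies).
REVEALS = {
    "hiv": {"diagnosis:hiv", "medication:antiretroviral"},
    "mental_health": {"diagnosis:depression", "medication:ssri"},
}

# Constructed record. "preferences" lists who may see each sensitive category.
RECORD = {
    "preferences": {"hiv": {"infectious_disease_clinic"}},
    "entries": [
        {"type": "coded", "code": "diagnosis:hiv"},
        {"type": "coded", "code": "medication:antiretroviral"},
        {"type": "coded", "code": "diagnosis:fracture"},
        {"type": "coded", "code": "medication:ibuprofen"},
        {"type": "free_text", "code": "note:visit", "text": "Discussed regimen."},
    ],
}


def sensitive_categories(record: dict) -> set:
    """Sensitive categories that actually appear in this record."""
    codes = {e["code"] for e in record["entries"]}
    return {cat for cat, items in REVEALS.items() if codes & items}


def release(record: dict, requester: str) -> list:
    """Return only the entries this requester may see."""
    restricted = {cat for cat, allowed in record["preferences"].items()
                  if requester not in allowed}
    hidden = restricted & sensitive_categories(record)
    # Block the diagnosis and everything that would let it be inferred.
    blocked = set().union(*(REVEALS[cat] for cat in hidden))
    released = []
    for entry in record["entries"]:
        if entry["code"] in blocked:
            continue
        if hidden and entry["type"] == "free_text":
            continue  # free text cannot be checked reliably, so omit it
        released.append(entry)
    return released


if __name__ == "__main__":
    print([e["code"] for e in release(RECORD, "orthopedics")])
```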

As many people pointed out at the summit, segmentation is an imperfect solution to the stigma attached to many medical conditions. Different diseases have been frowned on at different stages in history, and public education has alleviated some of the shame. Such education is needed so that people don’t have to be afraid about sharing their mental health, or other such conditions.
