Yasnoff on eHealth

In a recent interview with David Beyer of Patients Know Best, I discuss the future of health information infrastructure. In it, I describe the overall goal of HII (universal availability of comprehensive electronic patient information when and where needed) and the two key tasks needed to accomplish this goal (universal EHR adoption and a mechanism for aggregating each patient’s records). I explain how and why the current approach using “health information exchange” (HIE) that leaves records with the providers that created them is not working. Finally, I describe in some detail how the use of health record banks, community-based repositories of electronic patient records with access controlled by the patients themselves, can solve the problems of privacy, stakeholder cooperation, assuring all-electronic, standardized records, and financial sustainability that have hampered efforts to develop HII so far.

This information was also presented in an earlier Viewpoint article, “Putting Health IT on the Path to Success” in the Journal of the American Medical Association (subscription required for full access).

My guest column posted today at NHINWatch describes the evidence — now compelling — that our efforts to build a nationwide system of health information exchanges (HIEs) are failing. Health record banks are a feasible alternative, as explained in detail in the recent Architecture and Business Model white papers from the Health Record Banking Alliance. Are we ready to try a new approach that can succeed?

The recent New York Times article on increased healthcare costs from electronic records (“Medicare Bills Rise as Records Turn Electronic”, 9/21/12) seems at first glance to be discouraging. Aren’t electronic medical records supposed to reduce healthcare costs?

On reflection, it’s really not surprising that as physicians adopt electronic records, reimbursements, which are currently based on the quality of documentation, are increasing. The improvements in that documentation resulting from electronic records naturally increase payments. Ultimately, we need to change the health care payment system from rewarding activity to rewarding good care. But how can we realistically do that unless comprehensive patient information is available to accurately assess whether the care provided is truly appropriate?

Imagine an aircraft maintenance system where individual planes are repaired in various airports around the country, but all the repair records remain where the work is done. No mechanic would have access to the complete repair history of any plane. Crazy, right? Yes, but very much analogous to how we handle health care records. Wherever you receive care, a record – be it paper or electronic – is left behind, and no doctor has ready access to your complete history. It’s no wonder that healthcare costs are so high and that there are so many avoidable medical errors and adverse events.

Just making all medical records electronic will not solve this problem. We also need to create a mechanism to aggregate all your scattered records into a complete whole when they are needed. Of course, this must be done in a way that protects patient privacy, and ensures that medical record access is only available with your permission.

A simple, but largely unexplored, solution to this problem is the community health record bank. Such a health record bank would provide each person with a free account where copies of all their health records would be deposited when they are created. All access to the medical records in each account would be controlled by the patient to protect privacy. A nonprofit patient-governed community organization would run the bank, and it would be paid for by new and innovative uses of your health information with your permission. For example, most people would gladly pay a few dollars a year so that their loved ones would immediately be notified if their health record bank account were accessed by emergency medical personnel – meaning that emergency care was being given.

How would this help reduce healthcare costs? The anticipated efficiencies and improvements from electronic records will not primarily come from making the existing silos of paper records electronic – rather, the savings will result from having comprehensive records for each patient available when and where needed. For example, how can unnecessary duplicate tests and procedures be avoided without access to all the records of each patient?

So why hasn’t this straightforward health record bank solution been implemented? The simplest explanation is a “failure of imagination.” In our current record system, when a provider finds out that there are needed records at another provider site, those records are requested and (hopefully) transmitted – albeit typically by fax. Much of the current work towards electronic “health information exchange” has been directed to automating this process. However, it is very difficult, complex, and expensive to assure complete patient records by instantly finding, retrieving and integrating them from the various locations where they exist (more on this in a future blog). And, to make matters worse, while the health record bank solution is good for everyone, none of the existing healthcare stakeholders can easily take on this responsibility because they would not readily be trusted to avoid using the information to gain an unfair competitive advantage. Finally, patients, who would benefit most, typically do not have an effective voice when these issues are considered.

So if we are to really get the benefits of electronic medical records, and take advantage of their significant potential to improve the quality and lower the cost of healthcare, we need to begin implementation of a solution that will really solve the problem — like health record banks. Comprehensive electronic health records are an essential prerequisite for controlling health care costs while ensuring quality. Of all those concerned about these issues, who will step in and provide the seed funding needed to solve this problem?

As work continues across the country to develop our health information infrastructure, we need to be able to objectively evaluate our progress. In a recent column at NHINwatch.com, I describe the methodology a colleague and I developed for this, which was validated and published in the Journal of Biomedical Informatics.

My guest column posted today at NHINWatch describes the imminent launch of a health record bank (HRB) by the Data Privacy Lab at Harvard. Notably, this is the first time that a major academic institution has hosted an HRB. All stored data will be double encrypted (like the two keys of a safe deposit box) to ensure that only the account holders have access. That, along with the secure and neutral environment, should go a long way to engender consumer trust. As it becomes more widely understood that successful health information infrastructure depends on having each patient’s comprehensive records in one place under the patient’s control, you can anticipate that additional HRBs will be established following Harvard’s lead.

In a guest column posted today at NHINWatch, I explain how health record banks (HRBs) can successfully address the three key challenges of health information infrastructure in communities (privacy, stakeholder participation, and financial sustainability) and describe the national and international group of experts who will hold their inaugural meeting at the upcoming HIMSS 2012 to discuss strategies to promote and accelerate development and adoption of HRBs.

In a guest column posted today at NHINWatch, I explain why we need health record banks to solve the health IT problem.

Today, the nation’s first large-scale health record bank (HRB) began operations in Phoenix, Arizona. Known as eHealthTrust, it provides consumers with the opportunity to have a secure place to collect and store their health records under their control. I am pleased and honored to be leading the team that developed and implemented this project.

Folks watching this blog know that it’s been quite a while since I’ve posted anything (almost two years!). It’s not because I haven’t had anything to say — rather, I’ve been busy taking my own advice. Specifically, it’s been clear to me for some time that the key problems that need to be solved to enable access to comprehensive electronic patient records when and where needed are: 1) privacy; 2) stakeholder cooperation; 3) making all the medical records electronic; and 4) financial sustainability. A health record bank can solve all these problems, provided it has the right business model. Which brings me back to Phoenix …

The eHealthTrust health record bank is offering lifetime accounts for a one-time $99 fee. Ongoing revenue comes from optional reminders and alerts, such as the “peace of mind” reminder that instantly notifies your loved ones if your HRB account is accessed by an ER physician. eHealthTrust also will be providing free EHRs for office-based physicians in the Phoenix area (or subsidies for existing systems) to ensure that all the records become electronic. We anticipate working very closely with the local Regional Extension Center (REC) to help physicians make the transition to EHRs and meet the Meaningful Use criteria so they can take advantage of the substantial Medicare and Medicaid subsidies over the next few years ($44,000 for Medicare and $63,750 for Medicaid).

What do eHealthTrust members get for their $99? A secure, electronic “safe deposit box” for their medical records that will be automatically populated over time. Initially, medication and some laboratory data will be loaded, along with a problem list from their primary care physician (if available). Later, more lab data along with hospital discharge summaries, imaging and pathology reports, and encounter reports from physician EHRs will be added (as connections to data sources are made and more physicians adopt EHRs and link them to the HRB). We will also be working to make HRB records available to EMTs while they are traveling to the site of a 911 medical emergency.

What about privacy and security? All access to eHealthTrust information is with the permission of the member, so each member gets to set their own privacy policy. The data are stored in an ultrasecure data center with backup power and Internet connectivity to assure both security and availability.

Why should you care? If you are in the Phoenix area, you should go to the eHealthTrust web site and sign up now. Then you will be able to have, for the first time ever, a secure and private place where your medical records will be available, under your control, to share with your health care providers (and family, too, if you wish).

What if you’re not in the Phoenix area? Hopefully, a health record bank will be coming to your community very soon. More importantly, the success of eHealthTrust in Phoenix will mark the beginning of the solution to the problem of delivering comprehensive electronic patient records when and where needed — which has been a national priority since the President created the Office of the National Coordinator for Health Information Technology in 2004. Lack of availability of such records results in duplicate testing and procedures, as well as costly (and sometimes dangerous) medical errors. There is good evidence that more complete information will both reduce costs and improve quality — which would certainly be good news for health care.

So watch this space for further developments about health record banking — and join us in the hope that this will be a major step forward for health care not just in Phoenix, but across the entire country.

In an op-ed article in Business Week online posted 12/19/08, I describe how health record banks (HRBs) can solve the problem of making complete patient records available at any point of care while providing electronic medical records (EMRs) to all physicians and fully protecting individual privacy. I then outline the policies that the new Obama Administration should adopt to encourage the development of health record banks with only relatively modest new Federal expenditures.

I think these issues are particularly timely and relevant since funding for health information technology is being included in the Economic Recovery bill currently being drafted. Funding alone will not solve this problem; the expenditures must be directed towards a feasible and sustainable system.

In brief, the Federal Government should take four steps to create an effective health IT system that delivers complete patient records at any point of care:

I believe that these policies will lead to an effective, self-sustaining, private-sector health IT system that provides heavily subsidized EMRs to all physicians and fully protects individual privacy.

There are more details about these and related issues in the new book just published by HIMSS entitled, “Personal Health Records: The Essential Missing Element in 21st Century Healthcare” which I co-authored with Holly Miller, MD, MBA, and Howard Burde, Esq. It provides a comprehensive overview and discussion of the many issues pertaining to the adoption and use of personal health records, with chapters on PHR architecture (including the health record bank model), PHR law, and PHR business sustainability models.

In this posting, I wanted to respond to a few FAQs about the policies I’ve recommended.

How much would your plan cost?

Since there are about 100 million Federal health beneficiaries, the new HRB account benefit of $12/person/year would cost a maximum of $1.2 billion/year (if everyone signed up). This amounts to 0.2% of health care costs. Conservative analyses can easily demonstrate health care cost savings of 2% as a result of HRB accounts through improving chronic disease management and avoiding preventable hospitalizations due to outpatient adverse drug events, duplicative imaging studies, and unnecessary repeat laboratory work. This 2% total savings amounts to ten times the proposed payment for a health record bank account. But even if these estimates are grossly inaccurate, the savings most certainly will be at least as great as the expenditures, not counting additional value from more timely and complete availability of information to medical researchers, public health officials, and policymakers (with consumer consent).

Won’t a health record bank cost more to operate than your $1/person/month estimate?

The recent Center for Information Technology Leadership report on Cost and Value of Personal Health Records (PHRs) estimates the cost of an “interoperable PHR system” (i.e., a health record bank) at $8/person/year if there are 500,000+ subscribers. My own data shows that the cost will be about $6/year (50¢/person/month) with 1 million subscribers. So the estimate I use of $1/person/month is, if anything, a bit too high.

How much will it cost to subsidize electronic medical record systems for physicians?

To subsidize each physician at the rate of $5,000/yr for an Internet-accessible EMR system (which would cover most of the EMR system cost) would require about $10/person/year. The way I get $10 is that there are about 600,000 physicians and 300 million total population in the U.S. Therefore, there are about 500 people/physician — therefore, to get $5,000/physician, the cost/person is $10.

What is the business model for a health record bank?

Revenue would be about $5/year from advertising to consumers (like the advertising you see on Google) and $12/year from reminders and alerts, for a total of $17/year. The reminders and alerts would be services such as: 1) notifying you instantly if the HRB account of any of your loved ones is touched by an emergency room physician; 2) “prevention advisor” giving you reminders of anything you need to do to stay healthy (e.g. colonoscopy, etc.); or 3) medication reminders (for each dose and/or for refills). The first two would be paid by consumers (or perhaps even by health plans), the last one by pharmaceutical firms. In any case, I think $1/person/month (or $12/year) in revenue for all reminders is very conservative, even allowing for the fact that some consumers will not want to pay for any of them.

Expenses would be $6/year for the basic operation of the bank and $10/year to subsidize each physician in the amount of $5,000/year for an Internet-accessible EMR system.

With revenue of at least $17/year and expenses of only $16/year, a health record bank is profitable. And this analysis includes not only the cost of the HRB itself, but also subsidies for all the EMRs for physicians. Finally, note that I have not invoked (or tried to capture) a penny of health care cost savings in this business model.

***

In summary, health record banking provides a self-sustaining, private-sector health IT solution that can deliver complete patient records at any point of care, subsidize EMRs for physicians, and fully protect privacy. While it is highly likely that HRBs will result in substantial health care savings, their financial sustainability is based solely on the new value that they create for consumers.

In my last posting, I explained why the HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule does not really assure our privacy. This time I want to address another widespread myth – namely, that personal health records (PHRs) have no privacy protection. The news here (thankfully) is good – it turns out that publicly-available PHRs are in fact subject to quite stringent privacy protections under Federal law. In view of this, the frequent calls that are heard to extend HIPAA privacy “protections” to PHRs are misguided at best. HIPAA does not protect privacy and, as you will soon see, extending that “non-protection” to PHRs would actually eliminate our existing protections.

In 1986, the Electronic Communications Privacy Act (ECPA) was enacted (also known as the Stored Communications Act or SCA). The purpose of this law was to protect the privacy of electronic communications (primarily e-mail) and also data stored by a remote computing service. Specifically, ECPA prohibits the operator of a publicly-available remote computing service (such as a PHR) from releasing any information to any private party for any reason without the consent of the subscriber. Unlike HIPAA, there are no exceptions for treatment, payment, health care operations, or anything else. Therefore, at least for publicly-available PHRs, such as Microsoft HealthVault or Google Health, the organization holding the information MUST GET YOUR PERMISSION before releasing any of your data to any private party. The law is not long or complicated – I urge you to read it yourself if you have any doubts.

While the ECPA law was not expressly directed to PHRs (which were not really contemplated in 1986), or the Internet (which had yet to gain widespread attention and use), Congress did specifically consider the issue of health records in its deliberations. Senate Report No. 99-541, (1986), said “[t]he Committee also recognizes that computers are used extensively today for the storage and processing of information. With the advent of computerized recordkeeping systems, Americans have lost the ability to lock away a great deal of personal and business information. For example, physicians and hospitals maintain medical files in offsite data banks, …” (emphasis added, quoted from page 7013 of this recent Federal Appeals Court decision) Therefore, it was clearly the intent of Congress to protect our electronic medical records with this law.

Unfortunately, this does NOT mean that all PHRs are protected by Federal law. Only those that are “publicly-available” are included. While this clearly would apply to generally available web-based PHRs, systems provided only to specific individuals by employers, insurers, and even healthcare providers are less likely to be considered “publicly-available.” Therefore, ECPA protection is limited. So you are only covered if you use a PHR that is available to anyone. Clearly, it would be good to extend this strong Federal protection to all PHRs.

Another reason for concern if you use a PHR that is supplied by a HIPAA “covered entity,” (which would include physicians, hospitals, employers, and health insurers) is that HIPAA, as explained before, does not protect your privacy. The holder of the information is allowed to release your data WITHOUT your consent for “treatment, payment, or health care operations” (TPO) without the necessity of keeping any records of such disclosures to prove their legitimacy after-the-fact. And even if a PHR from a HIPAA covered entity were to somehow be considered “publicly-available” and therefore be subject to ECPA, the legal argument is that HIPAA provides the consent required under ECPA for TPO uses (and therefore your information could still be released without your consent).

Having read this far, it should now be quite clear to you that extending HIPAA “protections” to PHRs makes no sense and would actually have the effect of making these systems just as unaccountable as everything else covered by HIPAA. On the other hand, extending the EPCA law to all PHRs (not just those that are “publicly-available”) would truly give us all strong Federal privacy protections (at least for our PHRs).