Archive for August, 2007

Scrap the national IT plan … and do it right instead!

Thursday, August 30th, 2007

by William A. Yasnoff, MD, PhD, and Deborah Peel, MD*

In a recent editorial, Modern Healthcare argues that the current national health information technology (IT) efforts should be abandoned since they can’t succeed unless “the federal government mandates a single healthcare information technology platform for all healthcare providers and heavily subsidizes its adoption.” While we agree that the current efforts are not progressing well, we are not willing to dismiss health information technology’s potential to improve care, increase efficiency, and reduce costs.

Health Record Banks and Consent Management Tools Can Overcome Problems with Current Health IT Efforts

Over the past several years, more than enough time and energy has been spent trying to automate our existing, inadequate system of health information “exchange” between various healthcare stakeholders. Not only have these efforts failed to solve the problem of making complete patient records available, they are also numbingly complex, frighteningly expensive, and a massive threat to privacy. It is time to use ‘smart’ technology and build a system of Health Record Banks that can provide more complete electronic patient information with informed consent whenever and wherever needed. Health record banks with independent consent management tools that automate the process of obtaining permission for each release of information can make the records needed for safe and effective medical care available while fully protecting every individual’s right to health information privacy.

Health Record Banks (HRBs) would provide everything needed for an effective nationwide health information system: 1) consumer-controlled access to medical records; 2) financial sustainability; 3) incentives for physicians to acquire and use electronic health record (EHR) systems in their offices; 4) ironclad privacy protection; 5) stakeholder cooperation; and 6) access to health data for consumer-authorized secondary uses such as medical research.

Each person would keep an up-to-date copy of their lifetime health record in an HRB “account.” All access to the information in the account would be controlled by the account-holder (the consumer), who would give permission for the necessary information to be available to health care providers. Each consumer would also have access to their own record, and could add and amend information as desired. All HRB record entries would be marked as to the source of the information. The Health Record Banking Alliance (HRBA) has been established to promote this approach to health information infrastructure.

Independent consent management tools would allow consumers to exercise control of access to each and every data field of their personal health information by specifying (and changing as needed) who has permission to see each item.

How Health Record Banks Work

When seeking care, the account-holder would identify their HRB, having previously granted permission for the caregiver to access his/her records (either all or part) through a secure Internet portal. Confidentiality can be assured when data is sent from the bank to a provider by contractually requiring its use only for the purpose(s) that the patient approved. When the care episode is completed, the caregiver would then transmit any new information generated to that same account in the HRB to be deposited in the account-holder’s lifetime health record.

HRBs themselves would have exclusive responsibility as the agent of each consumer, and would be required to follow stringent privacy and confidentiality practices to protect the information (either via open and transparent community oversight or legally-mandated government regulation). The Independent Health Record Trust bill recently introduced in Congress by Representatives Moore (D-KS) and Ryan (R-WI) with 48 bipartisan cosponsors (HR 2991) would create such a regulatory framework.

HRB operations would be inexpensive — less than $1/person/month once the number of customers is large (over 1 million). This small cost could be paid directly by patients or be included in health insurance benefit plans. Even if the health care savings generated from the availability of more complete patient information amounted to just a small fraction of the published estimates of about 8% of health care costs ($40+/person/month), HRBs would pay for themselves many times over.

How Independent Consent Management Tools Work

Consent management tools permit consumers to instantly give or rescind permission to access their data electronically, set standing consents for data access in emergencies or any routine situation, and view complete audit trails of all uses and disclosures of their personal health information. Keeping all consents in a single independent location is convenient for consumers and makes it unnecessary to set up or remember to change permissions at every place of treatment and with every health professional or organization that holds, stores, or transmits their personal health information. Instead, all data holders would have to check electronically with each person’s consent management system before transmitting or disclosing any data to anyone. And consumers can easily monitor all access and uses of their health records because they will have audit trails of disclosure of their health records in one place.

Consent management tools are also inexpensive: consumers or organizations representing consumers can pay nominal fees to obtain them or be given the tools in exchange for transaction payments from data users to independent consent management tool vendors.

Health Record Banks Can Provide Physician EHR Incentives

HRBs can also provide incentives for physician EHR adoption and use. The HRB would either pay a small fee for each deposit of a standardized electronic report of an outpatient encounter, or provide free access to an EHR system to physicians via the Internet. This would help ensure that all patient information was electronic — a requirement that is not being addressed in current efforts. These HRB incentives explicitly recognize that the benefits of physician office EHRs primarily accrue to other healthcare stakeholders. Note that this would also allow HRBs to enforce standardization of health care information — payments for deposits would be contingent on following standards and HRBs would only provide EHRs that did so.

Health Record Banks Protect Privacy While Enabling Consumer-approved Secondary Data Access

Privacy protection would be assured because no HRB would allow access to any information for any purpose without the patient’s permission. In essence, the HRBs would provide “electronic safe deposit boxes” for each consumer’s medical records. Stakeholder cooperation would be assured because it is the patient who requests copies of his/her records for deposit in the HRB. Under HIPAA (the Health Insurance Portability and Accountability Act), patients already have the right to such copies.

Finally, HRBs promote appropriate secondary access to electronic health care information. When public health authorities or medical researchers query HRB(s), information from all account-holders that have agreed to allow that particular use of their data would be searched. Confidentiality can be assured by limiting the response to a query to the number of records that meet whatever criteria were submitted. The actual data would not be released to any researchers or public officials unless required by federal statute, assuring that consumers can participate without any risk of data or identity theft or loss of privacy. If needed, a message can be sent privately to each account-holder matching the query conditions. This would, for example, allow notification of account-holders of their eligibility for a clinical trial (see the previous posting on this topic for more details). If fees are charged for data access, the revenue could be shared with account-holders as an incentive to allow such use.


So we agree — let’s scrap the current national health IT efforts … and use smart technology instead. With health record banks and independent consent management tools, we can build an electronic health system that delivers all the benefits we want and ensures that privacy rights are strengthened and preserved—so consumers will actually be willing to participate in electronic health record systems. Communities such as Louisville, KY, Washington State, and Texas are already on the HRB path — why not yours?


*Dr. Peel, co-author of this blog posting, is Founder and Chair of the Patient Privacy Rights Foundation, and leads the bipartisan Coalition for Patient Privacy. She is a practicing Board-certified psychiatrist and Freudian psychoanalyst and earned her MD at the University of Texas Medical Branch in Galveston.  Modern Healthcare recently named her #4 in their list of the 100 most powerful people in healthcare in 2007.