October 4, 2007 — Today, Microsoft announced their HealthVault(tm), a secure consumer-controlled repository for health and medical records available to all consumers at no charge. It was described as a consumer-centric approach to addressing fragmentation of health information — in other words, a health record bank. Microsoft’s recognition of the need for such a repository is thoughtful and positive, and the release of HealthVault will do much to focus the discussion about health information infrastructure toward the health record banking approach. It may even be important in moving the nation forward in solving the problem of making your complete health records available whenever and wherever you may seek medical care. This posting explores this important new development — what it is, what it isn’t, and how it relates to solving the overall problem.
Health Record Banking
As those of you who’ve been following this blog know, health record banking involves establishing consumer-controlled repositories that hold complete copies of each person’s medical record. Like all good ideas, health record banking is fundamentally simple. Each person keeps an up-to-date copy of their lifetime health record in an “account” with a health record bank (HRB). All access to the information in the account is controlled by the account-holder (the consumer), who makes the information available to health care providers whenever necessary. Each consumer may also access their own record as needed.
HRBs would have exclusive responsibility as the agent of each consumer, and would be required to follow stringent privacy and confidentiality practices to protect the information (either via open and transparent community oversight or legally-mandated government regulation). HRBs would provide everything needed for an effective nationwide health information infrastructure: 1) consumer-controlled access to complete medical records; 2) financial sustainability; 3) incentives for physicians to acquire and use electronic health record (EHR) systems in their offices; 4) privacy protection; 5) stakeholder cooperation; and 6) availability of health data for consumer-authorized secondary uses such as medical research.
Through consumer-authorized searching, HRBs would promote appropriate secondary use of electronic health care information. When public health authorities or medical researchers query HRB(s), information from all account-holders that have agreed to allow that particular use of their data would be searched. Confidentiality can be assured by limiting the response to the query to only the number of records that meet whatever criteria were submitted (so no actual patient data is released). If needed, a message to be sent to each account-holder matching the query conditions could be included. This would, for example, allow notification of account-holders of their eligibility for a clinical trial (see the previous posting on this topic for more details). If fees are charged, the revenue could be shared with account-holders as an incentive to allow such use.
HRBs can also provide incentives for physician EHR adoption and use. The HRB would either pay a small fee for each deposit of a standardized electronic report of an outpatient encounter, or provide very low-cost access to an EHR system to physicians via the Internet. This would help ensure that all patient information was electronic — a requirement that is not being addressed in current efforts. These HRB incentives explicitly recognize that the benefits of physician office EHRs primarily accrue to other healthcare stakeholders. Note that this would also allow HRBs to enforce standardization of health care information — payments for deposits would be contingent on following standards and HRBs would only provide EHRs that did so.
HealthVault in the Context of Health Record Banking
So what does HealthVault do? Essentially, it can function as the “cubbyhole” server that makes individual complete records available for care (a previous posting describes implementing a health record bank with two servers — a “cubbyhole” server allowing access only to one record at a time for clinical care and a “searching” server for research queries). This of course depends on whether HealthVault is able to directly receive medical information from health care providers across the nation, certify the source of each data item, and ensure (to the satisfaction of physicians) that the information cannot be altered by consumers and therefore can be relied upon for decision-making. This would indeed be a major contribution.
In order for this to occur, consumers must be convinced that the information in HealthVault is totally under their control, and that its privacy and security is protected. Microsoft has taken major steps to ensure the security of HealthVault, and has also agreed to abide by the Privacy Principles of the Coalition for Patient Privacy, a major bipartisan health privacy advocacy group. They are seeking or have received outside independent security certification (backed by independent audit) and are doing the same in the privacy domain. Clearly, establishing trust with consumers is essential to the success of HealthVault.
HealthVault Does Not Fully Solve the Health Information Infrastructure Problem
However, HealthVault does not address at least two important functions required to solve the overall health information infrastructure problem. First, it does not provide for searching consumer health records. Of course, consumers can decide to send their data outside the HealthVault for searching, but then it is no longer in the protected environment. As previously discussed in this space, searching the data is critical not only for public health and medical research, but also for certain clinical functions such as notifying consumers when a drug they are taking has been withdrawn from the market. Therefore, a complete solution requires adding search capability.
Second, HealthVault does nothing to address the biggest problem of all with respect to electronic health records — that most of the information in doctor’s offices is still recorded on paper. Only about 1 in 5 physicians use an electronic health record (EHR) system today. While adoption of EHRs is continuing, it is slow — primarily because the business case for EHRs in physician offices is not good. Most of the benefits of such systems accrue to others in the health care sector besides the physicians. Therefore, physicians are reluctant to pay for them — and financial incentives for physicians are needed so that physicians will all convert to EHRs.
As noted above, health record banks can address this problem by either paying physicians for deposits of encounter reports (the eHealthTrust business model ) and/or by directly providing low-cost Internet-based EHR systems to physicians funded by the revenue received by the health record bank. In the absence of such financial incentives for physician EHR adoption, most health records will remain paper based and cannot readily be stored or processed electronically.
HealthVault and Communities
For those communities working on establishing health record banks, HealthVault is good news even though it is not the solution for the entire problem. Now communities have the option to use HealthVault as their “cubbyhole” server — at no charge. To complete their health information infrastructure, communities still need to establish a trusted multi-stakeholder organization to provide local governance to ensure trust. That organization would then engage a for-profit health record bank service provider to establish and operate a secure searching server and deliver low-cost EHRs to physicians using an effective business model that ensures sustainability. While these are by no means trivial tasks, HealthVault may allow community health record banks to be established more quickly and more easily by supplying part of the needed infrastructure — thereby reducing the upfront investment requirement.
The real question is whether consumers will have sufficient trust to store their data in Microsoft’s HealthVault. Only time will tell.