Tuesday, June 23, 2009

Health Care Privacy

On the Google Policy Blog there was a recent post advocating their position regarding privacy of health care records. The Blog states:

"From its inception Google Health has been about giving patients control over their medical data. For starters, that means we help people access their health information, give them a safe and secure place to store it, and let them share it with others if they wish. Over time our goal is to help consumers play a larger role in their own health care by empowering them with the information they need to make better health care decisions.

As part of this effort, we're endorsing an industry-wide Declaration of Health Data Rights. Unveiled today at HealthDataRights.org, the Declaration aligns with the principles behind Google Health: consumer empowerment, privacy protection, and data portability. We've joined a diverse group of stakeholders -- including doctors, researchers, technology companies, writers, entrepreneurs, health economists, and others -- that have come together to support this effort to promote greater patient access to personal health data.

While most of the rights outlined in the Declaration are already included in the Health Insurance Portability and Accountability Act (HIPAA) and the recent American Recovery and Reinvestment Act (ARRA), there are still practical challenges to acting on these rights. For example, getting access to your medical records today often requires that you fill out a form at your doctor's office, pay a $35 copying fee, and then wait a month or more to receive your records in the mail. Under the law, this is your data, and we believe you should have it the day you visit your doctor."

First let us examine the HIPPA requirement. It states:

"The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise.

For example:
  • A laboratory may fax, or communicate over the phone, a patient’s medical test results to a physician.
  • A physician may mail or fax a copy of a patient’s medical record to a specialist who intends to treat the patient.
  • A hospital may fax a patient’s health care instructions to a nursing home to which the patient is to be transferred.
  • A doctor may discuss a patient’s condition over the phone with an emergency room physician who is providing the patient with emergency care.
  • A doctor may orally discuss a patient’s treatment regimen with a nurse who will be involved in the patient’s care.
  • A physician may consult with another physician by e-mail about a patient’s condition.
  • A hospital may share an organ donor’s medical information with another hospital treating the organ recipient.
The Privacy Rule requires that covered health care providers apply reasonable safeguards when making these communications to protect the information from inappropriate use or disclosure. These safeguards may vary depending on the mode of communication used. For example, when faxing protected health information to a telephone number that is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number with the intended recipient..."

HIPPA was written at the beginning of the Internet era and thus focuses on the use of fax. I no longer have a fax and I find it still pervasive in just one area, medical records. On a physician to physician basis an email may still get you into trouble, you must by law fax. To a patient you must set up a secure password protected system to retrieve records, you cannot email a patient a record outright. This applies for providers only. Google is not a provider just a depository, but a powerful depository.

The aforementioned Health Rights states:

"We have the right to access all health data about ourselves, so we can make the most effective health decisions using the resources we feel are most appropriate. Having and understanding one’s health data is as crucial to lifestyle decision-making as accessing one’s bank account. Our goal is to make these concepts an everyday reality.

If we collectively assert our health data rights, we’ll impact care, engagement, quality, errors, outcomes, and meaning; we’ll move our current unaffordable and dysfunctional health system to one that more effectively serves patients by allowing them to have the information they need to fully participate. We believe that this flow of information will drive more engaged patients, better health decisions, lower costs, and better medicine."

This raises several interesting issues.


First, who owns your patient information? If you volunteer it to Google perhaps they take ownership, especially if it is processed and value is created therefrom.

Second, what guarantees of veracity does one have on patient supplied information. Taking a patient history is one of the first contacts a medical student will have with a patient. All too often it is not what the patient says but how they present themselves which is all revealing. Do they walk well, the color and texture of their skin, and the like, patients sometimes lie, often forget and almost always get things wrong. This is a challenge in any medical history taking. The issue is the time spent talking with the patient for from that comes other issues. Reading a history is nice, and perhaps less error prone but it often fails to reveal the patient and their problem.

However getting information to the patient is essential. Patients often do not listen. They do not hear what the physician is telling them, especially if the news is less than happy news. The issue of obesity, blood sugar and glycemic control, hypertension, and the ears of patient often close.

HIPPA was well intentioned but like all Government plans it institutionalised the past, the fax, just at a time when the Internet was exploding, the mid 1990s! That should tell all those who look for Government intervention in Health Care something.