I have always respected the privacy of an individual. Recently, my respect for patient privacy and consent has raised concerns in my mind about the current state of health care.
The privacy of an ordinary person is as important as that of a celebrity or the CEO of a major public company. Recently, “Shares of Apple Inc. fell on account of health concerns about their CEO - Steve Jobs”. This news caused a trickle-down effect in which the company’s shares took a hit and fell 5.7%, causing the market to react to a negative imbalance.
The effects of denial to medical privacy include but are not limited to the following:
- Job Loss
- Discrimination
- Credit Denial
- Fear
- Loss for Stakeholders
CHCF Consumer Privacy Health Survey (2005) shows that 67% of Americans are concerned about the privacy of their personal medical records.
In my opinion patient privacy is the most important factor for a patient-doctor relationship. To protect the same we must:
- Invest in technologies which build a secure environment to protect patient data
- Educate the team on HIPAA and patient privacy
- Obtain Consent while using/sharing patient data
- Authenticate the receiver/observer of patient data
- Limit secondary use of patient data
- Observe strict policies while storing patient data
- Define rules for non-tolerance
- Mandate compliance with security practices
- Define framework for Data integrity, Safeguards and Accountability
- Follow standards and certifications to maintain sanity levels in protecting patient privacy
The economic stimulus bill in the Obama Administration (244 188) includes $20 billion to promote health IT. This bill includes:
- A ban on sale of protected health information in electronic medical records and limitations on marketing
- Audit trails of all electronic health record transactions, encryption requirements, and rights to electronic copies of our records
- Requires the Secretary to revisit and narrow the definition of “health care operations”
- Improved enforcement provisions such as breach notification, required periodic audits, state attorneys general enforcement, a compensation scheme for privacy victims and applying security and privacy provisions and penalties to business associates
- Ensuring taxpayer dollars go only to funding systems that are capable of segmenting specific and sensitive information
- Funding for consumer advocacy groups and not for profit entities to participate in the regulatory process.
- derived from PatientPrivacyRights.org Newsletter: Privacy in the Stimulus?, Dated: Jan 29, 2009
This bill, if passed by the Senate, will put consumers’ interests ahead of industry profits. With proper technological utilization, policy definition and process implementation, Patient Privacy can now become a reality.
I vote for Patient Privacy! Do you?
During his presidential campaign, President-Elect Obama said he would allocate $50 billion over five years to support the adoption of standards-based health IT systems and a national health information network.
On Friday, January 09, 2009: President-Elect Barack Obama Calls for All Americans To Have EHRs Within Five Years. This gives the Healthcare Industry huge leverage over other Industries.
Here is my interpretation of the future of the Health Care Industry:
- EHRs (Electronic Health Records) will be mandated for patient record keeping
- Personal Health Record (PHR) will gain momentum and will govern the way interoperability is being driven
- Interoperability, Clinical Decision Support, Population Health and Quality Measures are the buzz words which will improve care for the years to come
- Health Information Exchange will bring better control over Patient Consent Management
- Certified products will bring standardization for EHRs. Additional features in form of plugins, extensions and “Surprise” features will be the reason to choose an EHR.
- Technology improvements will allow Privacy and Security policies to improve over the processes.
- Harmonization of efforts will allow consolidation of similar standards
- Coordinated Quality Care will be the norm towards transforming healthcare in the US.
The Office of the National Coordinator (ONC) for Health Information Technology (HIT) at the U.S. Department of Health and Human Services (HHS) documented a need for a Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information.
The purpose of the document was to address the need for protecting individually identifiable health data, as electronic health information exchange poses challenges and complexities every day.
The Code of Fair Information Practice by the U.S. Department of Health, Education, and Welfare (HEW) addresses five practices to benefit from computerization while providing privacy safeguards:
- openness
- disclosure
- secondary use
- correction
- security
At various levels there are different laws governing Privacy & Security of patient health information. These include but are not limited to:
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- the Privacy Act of 1974
- the Confidentiality of Alcohol and Drug Abuse Patient Records Regulation (42 CFR Part 2)
- the Family Educational Rights & Privacy Act (addresses privacy of information held by certain educational institutions)
- Gramm-Leach-Bliley Financial Services Act (addresses privacy of information held by financial institutions)
- Federal Information Security Management Act of 2002 (FISMA)
The principles outlined in the framework are meant to guide the use of electronic health information, and they are technology adaptive.
The principles include:
- Individual Access: Individuals have a right to their information, and they have the right to dispute it if the information is inaccurate.
- Openness And Transparency: Individuals should be able to trust the information system maintaining and storing their health information.
- Individual Choice: An individual should be able to make an informed choice about his/her data being exchanged over a network.
- Collection, Use, And Disclosure Limitation: An individual's information, if collected, should be collected with consent. Any use of the information (secondary use) should be for specified purposes, and disclosure of any information should be made after consent of the individual.
- Data Quality And Integrity: Entities should take appropriate measures to ensure that the identifiable information is accurate, up-to-date, complete and has not been altered.
- Safeguards: Reasonable Administrative, Technical, and Physical Safeguards should be in place to protect individually identifiable health information.
- Accountability: Appropriate procedures and policies should be in place to assure Accountability in the system.
The goal of the Nationwide Privacy and Security Framework is to ensure trust and safeguards for the electronic exchange of individually identifiable health information.
This time of the year I tend to rethink all that I have accomplished throughout the year.
2007:
Personal Life:
- Got married!!
- Expanded my field of study from Technology to Health Care with IT.
- My rock collection/study (Petrology) is progressing.
- Extended my lifestyle as a Jain follower.
- Organized all our important documents online for real time access.
Work:
- Successfully coordinated the $28,000 valued CCHIT certification effort for the company product.
- Improvised the company intranet website — HELPDESK — allowing internal communication improvement.
- Formulated appropriate communication policies within the company for directing the employee efforts in the right direction.
- Transformed from being a Knowledge Research Specialist to being a Knowledge Manager.
We (myself and Avni) wish you a Merry Christmas and hope your holidays are filled with joy and happiness.
My Contact Information:
Email: nainil@eliteral.com
Orkut: nainil@gmail.com
IM: nainil@hotmail.com
My first encounter with the materialistic world came into actual realization when I first had to shift apartments from Philadelphia to Boston. I realized that I had almost 30% of house inventory which I had never used or was not going to use in the future. Since then I decided to balance my needs and wants with my factual needs and wants.
This Christmas my wife and I both decided to give each other a gift. We decided to:
- Organize our Documents with online access control.
- Remove all unused items for charitable donation or recycling.
- Scan all our Health Records and upload them on Microsoft HealthVault.
Online Documents: We have scanned all of our most important documents and have uploaded them on a dedicated VPS server with dual backup facility for real time accessibility of data. We are now able to organize our documents online without the fear of losing them for the rest of our lives.
Charitable Event: We donate our unwanted clothes at the local Walmart’s Clothes Donation boxes. Any other unused item goes to “Salvation Army” or any such projects available locally.
HealthVault: Microsoft HealthVault is a personal health technology platform that lets you gather, store and share health information online. With HealthVault, users control their own health records, so they can privately share their health information with family, friends and healthcare professionals, and have access to trustworthy online health management tools.
We spent a total of 2 weekends to take care of the above mentioned tasks. By doing this exercise:
- Time is saved (as we lead a more organized life).
- We have a clear understanding of our needs and wants.
- We are now looking at the bigger picture of being a united family with a sense of responsibility towards the world we live in.
- We are able to find anything we need without searching for it.
- We have secure Health Records, accessible from anywhere around the world.
- We embrace technology to make our lives simpler.
There’s nothing wrong with having standards, is there?
No, as long as you don’t force them on others.
We work in a (healthcare) industry where we can harm our clients (patients) through medical errors and still charge them for our own mistakes.
Questions that need answers:
Who will take the ownership of Standards Deployment?
Is the EMR Adoption going to be a reality?
Is there a HIPAA Version 2.0?
If a doctor is participating in a quality measurement initiative and is only submitting “Aggregate Patient Information” to the quality measure unit, does the doctor need to take CONSENT from the patient that the patient's information will be used in “Aggregate Data Collection”?
PatientPrivacyRights.Org (Deborah Peel, MD) says:
There should be no “secondary uses” or any uses of our personal health information without contemporaneous, informed consent.
Technically, HIPAA does not require consent for aggregate information sharing. Also, quality measurement is part of treatment/payment/operations, so it is exempt anyway. However, beyond HIPAA is the perception of the patient and community that their data is being shared.
Here are some interesting facts from an interesting article I read in the Science Daily on the US Health Care System:
* U.S. spends more than double what other countries spend for medical care–$6,697 per capita in 2005
* U.S. patients are more likely to report experiencing medical errors
* The study, published recently in the journal Health Affairs, finds that U.S. adults also have the highest out-of-pocket costs and greatest problems paying medical bills.
* U.S. adults are most likely to have gone without care because of high out-of-pocket costs.
Source: Commonwealth Fund (2007, November 4). One-third Of US Adults Call For Completely Rebuilding Health Care System. ScienceDaily. Retrieved November 2, 2007, from http://www.sciencedaily.com/releases/2007/11/071101084956.htm
Considering all the efforts put in by various health care organizations (including HITSP, ASTM, CCHIT), I believe that these numbers will change and there will be a positive upward moving trend in the health care industry.