Who should control cradle to grave patient health records?

Health IT is evolving quickly, and the concept of a cradle-to-grave patient health record, aggregated from all the different places where pieces of one’s health story are found, is no longer science fiction.

Interoperable networks are beginning to mature, and are a central focus for health IT in 2012. Whether that involves traditional Health Information Exchange (HIE) hubs (an institution-centered play), or a more direct point-to-point method, or an “extend the platform” approach made possible as a result of web-based EHRs (an ambulatory-centered play), the result is that knitting together a patient’s story becomes possible.

It also means that the resulting Big Data becomes staggeringly powerful. Certainly, the data will exist in the cloud (once the cloud can be made sufficiently secure to meet HIPAA Security standards). The large enterprise-based software of the past, dominant among hospitals and academic medical centers, will simply become large nodes for this cloud-based Big Data, supplemented by web-based EHRs and other participants in the health data space.

Who is to manage it? Certainly, a policy framework needs to exist to ensure that patient privacy is maintained – not just security (ensuring that the pipes don’t leak, and that data is safe where it is housed), but also privacy (ensuring that only authorized people can see someone’s records). Who should control such access? Clearly, it needs to be the patient.

Patient-centered control of identifiable Big Data

For individually-identifiable health data – a patient’s own health record, aggregated from across the entire landscape – clearly, the person managing viewing permissions needs to be the patient directly. Even when sharing data between different care providers (different physicians upon referral, or with the hospital, or any other such combinations), the patient must give permission. This is the case currently, with a paper-based environment.

Sometimes, specific permission needs to be granted (such as an office pulling data from some other place, like a consultant or a hospital, where a patient-signed release form is sent in order to pull data), and in other scenarios (such as sending information to a recipient consultant, for the purpose of medical care) the general permission for treatment covers it. When this kind of data flow, which assumes that data is separate and fragmented and pieces of information need to be sent back and forth, evolves into a global cloud, where all the data resides seamlessly, the permission structure gets more complicated.

The “missing piece” in this might be a patient-oriented PHR, which is connected not only to the treating physician’s EHR, but to the envisioned global cloud more generally. The PHR, when it is connected, can be the center of permission-granting to members of the healthcare team. This is currently not the way PHRs have been designed, but it may represent a strategic vision for the role that PHRs can play – the center of the hub for cradle-to-grave health records.

Consumer-derived data

Outside the realm of HIPAA-governed health data, there is a wealth of consumer-created health data. The sheer mass of this data, in fact, dwarfs what is contained in doctors’ EHRs, in hospitals and in labs. These kinds of data range from self-reported inputs into social media (Facebook apps where people can track their travels, their exercise, their eating and diet), to input into specific web sites (all the health-condition sites where “patients like me” can share their experience with each other, and obtain learning resources). It also includes data created by medical devices – like Internet-enabled blood glucose monitors, where the readings can be uploaded and stored in the cloud.

This kind of consumer-derived data can also be linked together, and the linked PHR is the logical place for aggregation of all this information. The patient, in this setting, determines what to connect and link, and what to share with one’s treating clinicians.

Consumer-created data, when viewed from a PHR, remains patient data outside of HIPAA. When that data is shared with a clinical provider, then the shared data becomes PHI and is governed by HIPAA privacy – it cannot be shared with anyone else without the patient’s permission.

The view looking forward

The concept of a virtual cradle-to-grave medical record for each individual is something that can be seen from where we are today. It will take significant maturation of the health IT interoperability field, and will move toward a secure cloud that taps into hospital enterprise systems, academic institution systems, clinical laboratory and pharmacy systems, community doctors’ systems, and web-based EHRs. Managing the permission-granting of this data (the personally-identifiable data governed by HIPAA) presents its challenges, and may end up being the future vision for PHRs. We have a ways to go before we’re there.

Further, a central hub around a patient’s PHR may be the place where outside consumer-created health data is centralized. That way, sharing what is appropriate with treating health care professionals can be managed and governed by patient-based permission. The otherwise confusing interplay between HIPAA-governed data and consumer-created data is likely to be best sorted out with this kind of approach.

Robert Rowley is a family physician and CMO of Practice Fusion.  He blogs at EHR Bloggers.

  • Ardella Eagle

    HRM utopia!

  • Elle Gee

    And, the patient must have the ability to know who has accessed their records and for what reason. Keeps the snoopers at bay – and I know whereof I speak.

  • Anonymous

    “…The PHR, when it is connected, can be the center of permission-granting to members of the healthcare team. This is currently not the way PHRs have been designed….”
    B to the I to the N to the G to the O-oh-oh-oh!

    change “can” to “must” for the call to action – and more enterprises than just Practice Fusion can make this model work

  • ninguem

    It is so easy to take your own, personal medical records, and put them on one of those little portable memory sticks. You can keep it on a key chain if you like. Keep a copy at home.

    Why is this such a big deal? Why do we need centralized medical records……..unless the real agenda is to facilitate snooping into your data. Government, business, or both.

  • Anonymous

    It shows the sad state of medicine today that this is even a question!  How could anyone other than a patient himself own their comprehensive personal health record?  It’s pure and simple greed clouded in a veil of paternalism.

  • CorpAvenger

    I wonder if Ninguem and I know one another because this sums up my opinion and what I have offered up as a much more logical, safer, more civil liberties respectful way of handling this. I literally just created a White House Petition challenging this dangerous and over invasive way of handling PHI and EMR’s. Please support me in my attempt to gain some traction on derailing government and private entity invasions of our medical privacy by signing my petition and sharing it with others here:

    Or Here:

    Insurance carriers do not presently have a right to have unfettered access to one’s PHI be it in an old fashioned paper chart or in a modern EMR. BUT once we start over connecting all the potential treating entities, claims processing, 3rd and now even 4th party administrators, no less CMS the Federal Government who is one of the largest insurance carriers in the nation with Medicare and Medicaid, millions upon millions of employees and managers will have access to our medical information. Can we really ever completely trust, screen and supervise all of these multitudes of healthcare workers and “E” paper pushers? Just remember back when three senators were all running for the Presidency, All three of them had their private records violated and leaked to the press and public. And this leak originated from inside The State Department which one would hope to be one of the most secure facilities and systems in the free world with extremely high levels of employee screening and security clearances. Do we really think that every medical office, mid-sized clinics and huge hospitals can even come close to the level of security and endless budget of the State Department? Of course not…

    There are many valid reasons to completely Leave a part of one’s medical records to rot or be deleted, lost, purged or what have you. Not every theory, diagnosis or opinion rendered even by good doctors with honest best intent and high quality credentials and training is valid or worth keeping. Why some of them are even stigmatizing and could ruin a person’s life, insurability for health and life insurance, or label someone as a mental ill problem that has little hope of ever leading a normal life. A diagnosis of “Borderline Personality Disorder” probably would mislabel someone and have most treating Physicians think horrible and inappropriate things about a patient for the rest of that patient’s life, regardless of how subjective any such mental health diagnosis can be, and how many wrong ones are entered in people’s charts each and every day? Should the honest acting out and drug experimentation of a teenager or young adult have to follow them to every doctor’s office, never to be gotten rid of for the rest of their life, regardless of how much they may have moved on from those darker earlier days? Sometimes the best thing a patient or parent can do is to walk out of a doctor’s office, never having that visit or diagnosis combined with the rest of their chart. Mistakes are made and one doc’s problem child is another doc’s creative genius. PHI should only be shared if and how the patient deems appropriate.

    De-Centralizing PHI and Medical Data is one of the best means we have of protecting patients’ privacy because it will take so much work to actually combine any given patient’s complete medical history. Meanwhile at the same time with software and daily back-ups combined with a certain level of interoperability, standardization, sharing between entities and offices should get easier with time as we work such standards out. And if for some reason one’s doctor does have a mishap with your data, all of the other players you have done medical business with, should have enough of the other components and parts, that with a little luck, one could actually re-combine most of one’s old charts and data.

    But as stated before, if everyone or at least every head of household, parent had a growing, semi-regularly updated personal copy of their records on a flash drive (and it’s easy to do, EMR’s already are creating such things for ease of sharing and for giving to patients for their personal use) then the patient can offer up that drive to any treating physician or facilities to pass on what is needed and the patient feels comfortable sharing. And one of the best systems of protecting data from hacking, wacking and abuse by private bad guys or large corporations or governments is to de-centralize it to as small a level as possible. So if any Parent or individual patient lost their personal drive, at best only one person or one family’s worth of patients had the privacy violated instead of thousands or millions in one swoop as happens every day at VA hospitals, credit card services, retailers, and banks even with supposedly high quality safeguards in place with much better budgets for such things than many cut to the bone primary care offices with stagnant fees and greedy carriers keeping the cream for themselves and their shareholders.

    I am my wife’s solo family practice’s Practice Manager and the entire buck for all such EMR issues and systems stops mainly at my desk or at hers sometimes too. Our daily back-up for one solo doctor’s worth of patients is now at about 2 gigs a night for two separate programs combined. One is the main EMR and one is an intentionally separate (for better protection of long term access and ease of daily use) Document Management program that we use to scan and store, and access all of the paper and faxes that are still generated in the present state of the art in most systems. Many offices still use a lot of paper and choose to mail out paper specialist reports and make use of traditional faxes which we now convert into an “E” form to eliminate printing, paper waste and filing issues. So if our entire practice fits on two gigs with old scanned in charts and labs, reports (converted into very useable and universal PDF format) as well as the considerably smaller actual EMR data back-ups which includes daily imports of “E” transmitted Lab results, (one way interface, lab to us, but not US back to the Lab, Modern version of the old system, report to us, no access for them without going thru me or my wife as the filter for cause and reason.) which is nice as those values now can become data points for tracking trends and changes over time with multiple labs, then an entire family’s set of charts or CCR (Continuity of Care Report) takes up barely any room at all, even if all updates are individual and not write overs. Lastly with security minded companies like IronKey creating Defense Dept level of protection flash drives, even if a flash drive were to fall into the wrong hands or simply be lost, only the best of the best of the hacker community would know how to violate and access such a drive without the drive becoming a complete loss erasing all of its data or locking up forever.

    In closing I envision a system that allows all patients and doctors to opt-out of any such invasive system without any penalty. And when patients first establish with a provider if they want to risk having their PHI on the net and out there in “The Cloud” and the doctor is an Opt-Out provider, then that is one of the measuring sticks one might use to choose a healthcare provider. Personally, I will be choosing those that believe as I do, as full Opt-Outs in terms of hooking into any Two Way sharing, Centralized Servers and Records or Cloud based sharing systems. It is one thing to transmit data smoothly and in a logical standardized way, in a one way sort of system so imaging reports and pictures, labs or referrals can be easily stored and later accessed in a doctor’s modestly growing EMR database, keeping a solid record of one’s care while a patient has a working relationship with that doctor or facility. But it is a completely different thing to have One Single never to be gotten rid of ever growing medical chart. That sounds way too Big Brother and Orwellian to me….. Don’t English teachers require the reading and discussion of 1984 anymore???? Or have all such great works with messages to teach all been burned and destroyed, lost forever at, “Fahrenheit 451”???

  • Anonymous

    Do you think that the person who isn’t faced with any conflict of interest should control cradle to grave patient health records?  What makes you suggest that a policy can alleviate any conflict of interest?