A lot of people complain about adolescents. They don’t listen. They act out. They talk like they have it all figured out. I disagree. As a pediatrician, this is my favorite group of patients. They have developed cognitively to be aware of the world’s complexities, and yet are still open to guidance as you help them navigate their way through. Adolescence can be challenging, but it is also an exciting time filled with potential.
I remember sitting with one particular 16-year-old girl, her shoulders slumped, eyes glued to sneakers, as I asked about her marijuana use and sexual activity. Gently, with a tolerance for the silence, a sense of humor, and a carefully placed curse word, I was able to earn her gaze. And she, in turn, was gradually able to disclose underlying symptoms of depression, for which we started treatment. Discussion of sensitive issues takes a delicate touch and a trustworthy provider, one who understands the privilege it is to bear such an influential role in someone’s life.
We all look for health care professionals who listen intently and ruminate deeply on our concerns. But, as patients, playing a wholehearted role in that relationship may be hindered by the current state of information requisition and data storage methods. Access to one’s personal medical information and the ability to dictate privacy preferences is a prerequisite to complete patient engagement.
Of course, a physician’s ability to obtain accurate historical information is essential to providing appropriate care; patients and families may be unaware or misinformed, and it is frequently preferable (especially as we work toward interoperability) to access information directly from other providers. On the larger scale, it often becomes difficult to deliver patient autonomy, as concerns for safety usually win the day.
Federal protections reflect these values. While marketing communications and the release of psychotherapy notes are regulated, HIPAA does allow for unrestricted sharing of other information for purposes of treatment, care coordination, payment, and public health. Individual state statutes impose tighter restrictions, limiting transmission of specific data that may carry social stigma or otherwise inhibit those in need from seeking care. For instance, states such as Massachusetts and California require separate written consent before disclosure of a patient’s HIV status.
With the mass adoption of electronic health records (EHRs), adherence to these regulations — and appropriate transmission of sensitive information in general — has become a challenge. Not only do the confidentiality and disclosure statutes vary state-by-state, but the degree of sensitivity varies patient-by-patient. The teenager I mentioned earlier would never have been so open with me without assurances of confidentiality (which is protected in Massachusetts). But other kids her age are extremely open with their parents about such things. Still others may be open about their sexual activity but not their drug use (or vice versa).
So how can we protect our patients’ sensitive data? How do we ensure that data integrity is upheld when transmitting this information to consulting providers or to the patient/family through the patient care summary or patient portal? How can we do this in light of our patients’ individual needs, while still minimizing any safety or public health risk? And, above all, how can we continue to preserve the sanctity of the patient-provider relationship?
The DS4P Initiative
Standards are being developed for this purpose. One in particular, the Data Segmentation for Privacy (DS4P) Initiative, allows the sequestering of certain sensitive chart elements. First piloted in 2012 with the exchange of a mock substance abuse treatment record between the VA and SAMHSA, other test sites have since joined the project, helping to further define the use cases and requirements that support this type of data segmentation standard; one site even demonstrated the ability to filter on patient-specific privacy preferences.
Yet, DS4P is still young and lacks widespread adoption. Different sectors of the industry continue to develop targeted solutions, but increasingly sophisticated patients in an increasingly interoperable healthcare system won’t be soothed by Band-Aids. It’s certainly not that providers and health IT vendors don’t want a comprehensive solution to this issue. The industry has become increasingly aware of the complexities of the situation, but we’re still trying to figure out how to navigate our way through our own “adolescence,” if you will.
Some of the intricacies include the lack of structured, codified data — whether due to its unavailability in legacy systems or due to provider documentation practices (i.e., a preference for dictation or free-text fields) — needed for segmentation of sensitive data. Additionally, as noted above, what may be sensitive to one person may not be to another, making it difficult to define which information warrants sequestration. From a technical standpoint, it would be easier to pre-determine these categories; clinically, however, it is more appropriate to allow patients to make individual preferences, though this is dependent on a patient’s engagement and ability to communicate those preferences. Provider preferences also need to be taken into account, including issues related to quality of care, patient safety, liability, and ease of workflow.
Getting this right is challenging, to say the least. But we are also in an exciting time, full of potential to improve the practice of medicine while preserving its foundation: the trusting, confidential moments a doctor spends with a patient. This “adolescence” of patient information is primed to develop into the mature solutions we are so vigorously pursuing. I look forward to playing a role in that.
Hannah Galvin is senior clinical content manager, athenahealth. This article originally appeared in athenahealth’s Health Care Leadership Forum.
Image credit: Shutterstock.com