Ignoring the Obvious: Major Health IT Organizations Put Aside Patients

Posted on November 18, 2016 I Written By

Andy Oram is an editor at O’Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space.

Andy also writes often for O’Reilly’s Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O’Reilly’s Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Frustrated stories from patients as well as health care providers repeatedly underline the importance of making a seismic shift in the storage and control of patient data. The current system leads to inaccessible records, patients who reach nursing homes or other treatment centers without information crucial to their care, excess radiation from repeated tests, massive data breaches that compromise thousands of patients at a time, and–most notably for quality–patients excluded from planning their own care.

A simple solution became available over the past 25 years with the widespread adoption of the Web, and has been rendered even easier by modern Software as a Service (SaaS): storing the entire record over the patient’s lifetime with the patient. This was unfeasible in the age of patient records, but is currently efficient, secure, and easy to manage. The only reason we didn’t switch to personal records years ago is the greed and bad faith of the health care institutions: keeping hold of the data allows them to exploit it in order to market treatments to patients that they don’t need, while hampering the ability of other institutions to recruit and treat patients.

So I wonder how the American Health Information Management Association (AHIMA) can’t feel ridiculous, if not a bit seamy, by releasing a 3000-word report on the patient data crisis this past October without even a hint at the solution. On the contrary: using words designed to protect the privileges of the health care provider, they call this crisis a “patient matching” problem. The very terminology sets in stone the current practice of scattering health records among providers, with the assumption that selective records will be recombined for particular treatment purposes–if those records can be found.

A reading of their report reveals that the crisis outpaces the tepid remedies suggested by conventional institutions. In a survey, institutions admitted that up to eight percent of their patients have duplicate records in the institutions own systems (six percent of the survey respondents reported this high figure). Institutions also report spending large efforts on mitigating the problems of duplicate records: 47 percent do so during patient registration, and 72 percent run efforts on a weekly basis. AHIMA didn’t even ask about the problems caused by lack of access to records from other providers.

To pretend they are addressing the problem without actually offering the solution, AHIMA issues some rather bizarre recommendations. Along with extending the same processes currently in use, they suggest using biometrics such as fingerprints or retinal scans. This has a worrisome impact on patient privacy–it puts out more and more information that is indelibly linked to persons and that can be used to track those persons. What are the implications of such recommendations in the current environment, which features not only targeted system intrusions by international criminal organizations, but the unaccountable transfer of data by those authorized to collect it? We should strenuously oppose the collection of unnecessary personal information. But it makes sense for a professional organization to seek a solution that leads to the installation of more equipment, requires more specialized staff, tightens their control over individuals, and raises health care costs.

There’s nothing wrong with certain modest suggestions in the AHIMA report. Standardizing the registration process and following the basic information practices they recommend (compliance with regulations, etc.) should be in place at any professional institution. But none of that will bring together the records doctors and other health care professionals need to deliver care.

Years ago, Microsoft HealthVault and Google Health tried to bring patient control into the mainstream. Neither caught on, because the time was not right. A major barrier to adoption was resistance by health care providers, who (together with the vendors of their electronic health records) disallowed patients from downloading provider data. The Department of Veterans Affairs Blue Button won fans in both the veterans’ community and a few other institutions (for instance, Kaiser Permanente supported it) but turned out to be an imperfect standard and was never integrated into a true patient-centered health system.

But cracks in the current system are appearing as health care providers are shoved toward fee-for-value systems. Technologies are also coalescing around personal records. Notably, the open source HIE of One project, described in another article, employs standard security and authentication protocols to give patients control over what data gets sent out and who receives it.

Patient control, not patient “matching,” is the future of health care. The patient will ensure that her doctors and any legitimate researchers get access to data. Certainly, there are serious issues left, such as data management for patients who have trouble with the technical side of the storage systems, and informed consent protocols that give researchers maximum opportunities for deriving beneficial insights from patient data. But the current system isn’t working for doctors or researchers any better than it is for patients. A strong personal health record system will advance us in all areas of health care.