Much is happening in healthcare. As I write this column, Washington battles over SCHIP; health coverage for all Americans is the primary issue of the presidential race; and, Microsoft, Wal-Mart and Google are adding personal health records (PHR) to their product portfolios, which, for many Americans, may provide an entirely new way of controlling their health. In a statement following the recent unveiling of HealthVault, Microsoft’s online PHR, The Robert Wood Johnson Foundation noted that access to one’s own health information is “a vital step in helping physicians and patients work together to improve care.” It’s a true statement, however, there are chasms to be crossed before PHRs become practical, not the least of which is privacy.
Much is happening in healthcare. As I write this column, Washington battles over SCHIP; health coverage for all Americans is the primary issue of the presidential race; and, Microsoft, Wal-Mart and Google are adding personal health records (PHR) to their product portfolios, which, for many Americans, may provide an entirely new way of controlling their health. In a statement following the recent unveiling of HealthVault, Microsoft’s online PHR, The Robert Wood Johnson Foundation noted that access to one’s own health information is “a vital step in helping physicians and patients work together to improve care.” It’s a true statement, however, there are chasms to be crossed before PHRs become practical, not the least of which is privacy.
Privacy, security and interoperability remain the primary issues facing health information exchange (HIE), the basis for regional health information organizations and a working national health information network (NHIN). But while security and interoperability are system functions that can be solved given time, the “access to private medical information” quagmire gets broader and deeper by the day.
President Bush’s Executive Order #13410 was a double-edged sword. It required the development of interoperability standards that, today, drive the industry toward a working NHIN in 2008. However, once the system is in place, providers who receive government funds (including Medicare) will be required to submit their patients’ medical information to a government-controlled centralized database. Once the data is there, individual patients have no control over it. In addition, healthcare providers must continue to submit the medical histories on their patients or potentially lose the ability to treat Medicare patients, which today would be the kiss of death for most practices. Therefore, a doctor’s ability to treat patients “off the books” in order to protect their privacy is effectively eliminated.
In addition, the Privacy Rule denies individuals the right to sue in court when their privacy is breached, however, the federal government may fine or imprison those found to be in violation of HIPAA, which has spawned an entirely new legal battleground. It’s not a far stretch to imagine a day when healthcare providers will be unable to guarantee privacy to patients without jeopardizing their practices.
Massachusetts, being an early adopter of statewide mandated healthcare, has come under fire from organizations protesting the state’s ability to grant access to private health data without patient consent, even under HIPAA. Among other things, HIPAA’s federal medical privacy rule allows the dissemination of private health information without patient consent in order to pay doctors for their services—so Medicare, Medicaid, clearing houses and private insurance companies are on the list, which is a lot of people with access to private health data.
When doctors’ file cabinets held the bulk of medical records, the employees working in those practices had access to them, however, when all the medical data becomes stored electronically in a centralized repository, many more people will have access and HIPAA will be the key that unlocks the gate to it all.
Much is written about our “broken” healthcare system, most of which I disagree with. A working NHIN, in my view, is America’s best hope for protection against pandemics or biological terrorism. However, when federal law, on the threat of punishment, denies doctors the ability to keep their patients’ medical histories private, our system truly will be broken. Patient-provider privacy is the foundation on which our entire healthcare system rests. It must not be undermined.