White House Report Recommends IT System for Real-Time Information Exchange. The President's Council of Advisors on Science and Technology (PCAST) on Wednesday called for steps to cultivate “an IT ecosystem that facilitates the real-time exchange of patient information in order to modernize diagnosis and treatment, improve public health, enhance the privacy and security of personal data, and create new high-technology markets and jobs while catalyzing healthcare-related economic reforms needed to address our nation’s long-term fiscal challenges.” To accomplish this, PCAST recommended a health information exchange based on adoption of a "universal exchange language" to allow patient outcomes to become a larger part of meaningful use more quickly, and make it easier for clinicians to generate and report a wide range of different kinds of information about the outcomes of their practice. There was an emphasis on meta-data and tagging with XML as the proposed standard language.
“Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans” noted that achievement of the goal “will not require universal patient identifiers, nor will it require the creation of Federal databases of patients’ health information.” Certainly, lack of support for a universal identifier is a disappointment, but not unexpected given the Department of Health and Human Services (HHS) mandate to avoid this issue. Separately, in CHIME meetings with HHS on this topic, we have been told that patient identification can be approached through other means, such as insisting on a very high degree of accuracy for patient matching of records.
The President’s Council was co-chaired by MIT Professor Eric Lander and Memorial Sloan-Kettering Cancer Center President Harold Varmus, with input from numerous health IT, privacy and industry experts, including CHIME member Stephanie Reel of the Johns Hopkins Health System. She served on the PCAST Health Information Technology Working Group and called on her CHIME Policy Steering Committee colleagues for input on a wide range of issues, including privacy and security.
ONC Gathering Input on PHRs. As part of the congressionally mandated report on personal health records, Office of the National Coordinator (ONC) convened a consumer roundtable last week. Panelist Dossia CEO Colin Evans observed that Health Insurance Portability and Accountability Act (HIPAA) regulations fell short when it came to securing data and ensuring patient control over information. Providers—hospitals, physicians and pharmacies—could prevent patients from accessing their information because of privacy and security, he said. Kaiser Permanente Director of Digital Identity Services Tim McKay added that Kaiser limits health care providers' access to patient data.
ONC also gathered comments via website questions that asked for feedback on privacy and security and emerging technologies; consumer expectations about collection and use of health information and privacy requirements for non-covered entities. In response, CHIME singled out “making PHR vendors directly accountable for meeting the privacy and security requirements under HIPAA, including breach notification requirements, as most important.” To accomplish this, make personal health record (PHR) vendors covered entities or an alternative that would have the same result.
Standardization was another focus area of the CHIME letter. Information exchanges between PHRs should be standardized to the greatest extent possible. Rather than having each PHR vendor adopt unique ways to receive information from, and transmit information to a HIPAA covered entity, transactions should occur in a standardized fashion. Potential liability was also identifies as another area of concern. For example, information transmitted to a PHR from a hospital might subsequently be altered and information received from a PHR by a hospital might be inaccurate or incomplete, potentially compromising safe, effective and efficient patient care. Continuing on another important theme, the letter stressed the need for a unique patient identifier to facilitate the accurate electronic exchange of information between all relevant parties, including PHR vendors.