Policies involving secondary uses of data usually don’t make news as deal-breakers for regional health information organizations seeking to share patient records. But since there is no national policy on the topic, the lack of a statewide policy can throw a monkey wrench into negotiations.
There was a fascinating story by Phil Cauthon on the web site of the Kansas Health Institute on Aug. 26, describing the impasse between the Lewis And Clark Health Information Exchange (LACIE), which primarily serves providers in the Kansas City area, and the Kansas Health Information Network (KHIN), which serves most of the rest of the state.
The two organizations have tried but failed to reach agreement about secondary use of data, the story says. Although sharing data would be valuable for providers in the state and the technical details around exchange have been worked out, it is not happening yet. If LACIE and KHIN are not connected by a Dec. 31 deadline, $1 million in grants earmarked for them could be forfeit, the story noted. The federal funds are part of the $9 million in grants the state received from the federal government to set up an HIE.
The 2012 annual report of the regulatory oversight body, the Kansas Health Information Exchange, noted that the state had yet to address secondary use: “There are numerous policy challenges that accompany the subject of secondary data use: For example, does current Kansas state law require that universities be given access to patient record for research purposes? Should that access be free or come at a price? Should patients be required to give consent to the use of their data for research purposes as a byproduct of their records being included in as HIE? Should commercial organizations be prohibited from accessing this information, or should they be required to pay for the data if they are permitted to access it? Who owns aggregated information that is derived from patient data? All of these questions, and others, have yet to be addressed.”
(The Kansas Health Information Exchange has since transferred its regulatory authority to the Kansas Department of Health and Environment.)
Cauthon’s article quotes Laura McCrary, KHIN’S chief executive, as saying the major issue standing in the way of an agreement is a mutual understanding of how patient data can be used after it is transferred from one network to the other. When asked for an example of a use that KHIN is seeking to prohibit via the data-sharing agreement, McCrary said: "Providing our data to an insurance company that's not a KHIN participant."
The concern is that an accountable care organization or insurance company could access data on other networks that it is not paying to access.
But Mike Dittemore, executive director of LACIE, said that concern should not prevent the networks from reaching agreement. “You can only query one patient at a time. Participants have no access to do large data inquiries — they cannot query on conditions, they cannot query on diagnoses, they can only query on the patient they are treating,” he said. Dittemore added that while insurance companies, ACOs, and other LACIE participants cannot access aggregated data from KHIN, they could get data on individual patients as part of the standard payment procedure.
The state is convening an advisory committee to address secondary uses. Among the questions the committee must address are: Can it be used for commercial purposes and, if so, to what extent does patient consent to have their records exchanged also extend to the question of having their records analyzed for commercial purposes?
Meanwhile, the article says, KHIN and LACIE are still working on hammering out a data use agreement.
