Posted June 26, 2008 by Lygeia Ricciardi
Privacy is one of the most popular topics on this blog. That’s because privacy concerns are one of the biggest roadblocks that stand between the public and a new model of electronic health information sharing that improves the quality of care and empowers individuals.
In the last year we’ve seen dramatic changes in the online health environment. Giants from other industries—including Google and Microsoft—have launched services that let consumers create accounts to collect, store, and share their health data, and feed it into a theoretically limitless number of creative PHR applications, like those Project HealthDesign is prototyping.
This kind of platform service, variations of which are also offered by provider organizations, health plans, Internet companies and employers, is an essential ingredient for better healthcare through IT. Without it, it’s incredibly difficult to pull together information from disparate sources so it can be useful.
A big problem, though, is that many of these new platforms (or “consumer access services,” as Markle calls them) aren’t regulated. Without legal parameters protecting consumers’ privacy, consumer access services could hypothetically use or sell the data for marketing, leave it susceptible to hacker attacks, fail to respond when a privacy breach occurs, or even share it directly with insurers, employers, or others who might use it to discriminate against individuals.
Enter the Markle Foundation’s new framework: Connecting Consumers, Common Framework for Personal Health Information. Building on the Common Framework it released in 2006, which addresses health information sharing among institutions, this new framework is about networks that include individual consumers and the services that enable them to access, share, and use their health information as they choose.
Markle adapts long standing fair information practices to the emerging health IT environment, calling on industry to self regulate by developing sound practices on authentication of consumers, security, audit trails, and the like. The new framework includes four overview documents and 14 specific technology and policy approaches for consumers to access and control their own health information electronically.
The new Markle framework is notable both because of its level of detail and because of the consensus-based approach used to develop it. Groups as diverse as AARP, America’s Health Insurance Plans, Dossia, Google, Intuit, Microsoft, and WebMD signed on.
So who will use it? Many of the major signatories claim already to have incorporated the framework’s points into their products or services—though there are certainly many developers and other entities out there who have not. It may also influence policymakers as they appear (finally!) to be moving toward passing some significant health IT legislation in the weeks or months ahead—actual laws consistent with the framework’s approach could help to give it teeth.
If, through whatever mechanism, the basic guidelines laid out by the framework become the norm, consumers are likely to overcome many of their privacy concerns. According to a survey Markle released with the framework, Americans overwhelmingly believe PHRs could improve their health—and nearly 90% consider privacy as a factor in choosing one.
In the spirit of full disclosure, I have to note that I was a member of the Markle work group that produced the framework. So it's no surprise that I think its release and widespread endorsement is a real contribution, but I also wanted to offer my thoughts from the perspective of Project HealthDesign.
The Project HealthDesign vision is premised on the idea that there will be organizations that hold personal health data and enable 3rd party applications to access those data through APIs. That idea is in turn premised on people's willingness to trust their data to these PHR platform services. To the extent that the organizations that provide those services follow the Markle practices, that trust will be merited. Having so many of the key industry players committing to them is a great step forward -- it brings us closer to a day when PHR applications will really take off.
Posted by: Steve Downs | June 26, 2008 at 04:53 PM