Posted October 28, 2008 by Lygeia Ricciardi
Last week at the Health 2.0 conference I saw an explosion of tools and services that help consumers put their own health data to good use. DestinationRx helps you avoid adverse drug events and find cheaper alternatives to the medications you are using; PatientsLikeMe lets you share your experience with a specific health condition, like MS, and learn from others who have it; Keas (the not-yet-live service founded by Adam Bosworth, formerly of Google) will let you manage behaviors like diet through a clear graphical interface.
All of these applications and many others require the same input to provide value: health data about individual consumers. But a comprehensive, accurate, longitudinal health record, especially in electronic form, is hard to come by—which is the gap platforms such as Microsoft’s HealthVault and Google Health are trying to fill.
There is, in theory, another source well-positioned to address that need: RHIOs. Regional Health Information Organizations (RHIOs) aggregate health information about patients electronically from numerous providers, labs, clinics, drug stores, etc. RHIOs are often built primarily to assist providers in delivering better, more-informed care. But they could also serve as a perfect starting point for consumers who want to take a more active role in their own health… if and only if they let consumers access their own data.
Such access should not be assumed. Take the case of New York State, which is spending more than $200 million, largely in tax dollars, on health IT--more than any other state. New York just issued for public comment a set of draft policies. Among them (see Section 5.2 of the “RHIO Policies and Procedures” document), state-funded RHIOs are not required to give consumers access to their own health data, even though the RHIOs are already aggregating it.
To me, this seems like a terrible missed opportunity. If we really want to empower consumers, we need to let them access and use their own health data. Not just to take advantage of PHRs and other cutting-edge services and applications, but also to help them fix potential mistakes in the record, and make informed decisions about how they want their data to be used (or not used). And shouldn’t consumers also be able to take their data with them, regardless of whether they leave a particular provider, employer, insurance company, or state?
Aetna gets it. (See yesterday’s post.) Shouldn’t policymakers? What do you think?
There are several issues at work here.
First, the real concern RHIOS have is identity management. (Add to that the simple reality that there are very few operational RHIOs who could finance these capabilities). How can one be sure that the person accessing information is authentic or authorized?
Second, there is the issue of control. Health plans as intermediaries and provider organizations (e.g., individual hospitals or health systems) have a very different power relationship than a health information exchange that links individuals directly to a system of often-competing health care providers. It's a different dynamic.
In my own view, RHIOs are "proxies" for some future state where individuals can exert greater control over their health information. Such control, I believe, is the only real way out of our current predicament. But to make this happen, our Nation will have to be more systematic in creating an identity management process that makes information available to us but not to those who are not authorized. Banks, financial firms (e.g., e*Trade), and even PayPal have identity management systems that seem to work. Many of the commercial offerings (e.g., some Microsoft HealthVault apps and many others) also have the capability of achieving this aim. But these approaches are not commonplace and systematic. Issues of audit, remedy, and the like need to be worked out. So many who could in principle offer these services chose not to because of the maxim "first, do no harm."
Posted by: Mark Frisse | October 28, 2008 at 02:45 PM
HIPAA already recognizes that people have the legal right to access their own medical data. The practical problem is that today they means paper copies.
A state law that says "RHIOs don't have to give patients their data?" Now that's a public interest lawsuit in the making....
It's also public relations disaster for any public official that defends such an absurd law.
Posted by: Vince Kuraitis | October 29, 2008 at 11:20 AM