Health policy must address user-generated data

Posted January 15, 2009 by Lygeia Ricciardi 

One of the key themes that has emerged in Project HealthDesign’s work to date is the importance of data that consumers or patients generate themselves, as opposed to the data that has traditionally been collected about them by the health system.

User-generated data is made up of observations of daily living (ODLs). The types of observations made and the ways they are used vary widely. A person managing diabetes, for example, might carefully track her diet and blood sugar levels, while someone with allergies might instead track the weather and his activity levels. Other popular ODL topics include exercise, sleep habits, social interactions, and moods. Some people collect health data about themselves with the explicit intention of sharing it with healthcare providers, while in other cases, people collect and use the information on their own, often to help modify their behaviors. (For more on ODLs, see the E-Primer on Health in Everyday Living).

The last few years have seen a dramatic uptick in the development of digital tools to support the collection and use of ODLs by the public, including the efforts of many of Project HealthDesign’s grantees. But the policy world has not kept pace.

For one thing, there are few policies that apply to many ODL-related products and services. For example,  the Health Insurance Portability and Accountability Act (HIPAA), the primary federal health privacy regulation, applies only to certain types of organizations, including hospitals and health insurance companies. It does not cover many Personal Health Records (PHRs), or related applications, such as digital glucometers and scales that transmit data, websites on which people can enter their own health information, or health applications run on mobile phones. Guidance on HIPAA and PHRs released last month by Secretary of Health Michael Leavitt did not elaborate significantly on how policies might apply to specifically to user-generated data. 

Last fall, the Certification Commission for Healthcare Information Technology (CCHIT) requested comments on its proposed criteria for the certification of PHRs. Dr. Patti Brennan, Director of Project HealthDesign, submitted comments emphasizing the need for more attention to user-generated data.

The lack of such policies could present problems related to user-generated health data on both the privacy and functionality fronts. Where privacy is concerned, depending on the tools they are using, individuals can choose whether to share their data with their healthcare providers. But who decides whether the entities that provide the tools and services can access the data, and for what purposes? In terms of functionality, guidelines may be needed to assure that user-generated data can be efficiently stored, shared, and integrated with data from other sources, whether for the use of individuals, their healthcare providers, or others.

As the US is poised, with the advent of a new Administration, a new Congress, and a massive economic stimulus package, to invest more federal dollars than ever before in health information technology, policy-makers must be careful not to ossify the healthcare system we have, but in electronic form. We need to pave the way for a system that is restructured in numerous ways—one of which is better incorporation of the data, knowledge, and needs of patients.