Sunday, August 1, 2010
The EHR Circle of Trust
When people, for one reason or another, lose trust in government paper or banks, the entire financial system fails miserably. Public trust is a prerequisite to any national monetary system and public trust is a very delicate thing. Nations create laws and regulations around financial institutions specifically aimed at building public trust. People have to trust that paper and its virtual counterpart can be exchanged for goods and they need to trust that banks, while safely storing their funds, will always make them available to their rightful owner on demand. Banks have a legal and fiduciary responsibility to take good care of your possessions, thus very few folks feel the need to store their family jewels in a strong box under their floor boards.
The fast approaching era of Health Information Technology (HIT) raises the same dilemma faced by our forefathers trying to decide if they should take their gold coins to the bank, or stuff them in a secret compartment of their jacket, or maybe bury them under the cowshed. We need to decide if we want to make our Electronic Health Record (EHR) part of a Health Information Exchange (HIE), or carry them with us on a USB stick, or just leave them locked up in our doctor’s office. There are obvious benefits and risks to each approach.
As long as banks were easily robbed on a daily basis, and as long as nobody guaranteed that your money was safe in a bank, and as long as you didn’t travel much, the cowshed was the best option. For the frequent traveler, the lovingly sewn secret pocket was the optimal choice. When bank robberies disappeared from our daily experience and boats, railroads, automobiles and eventually airplanes transformed us all into a society of modern nomads, banks became the most practical choice, particularly since government insured our deposits were safe. Having a critical mass of citizens elect to store their wealth in banks allowed the economy to flourish. Millions of small personal fortunes aggregated together served as the engine by which banks fueled growth of businesses, which in turn created more and better paying jobs and ultimately added much value to those disparate small personal fortunes. Everybody benefited.
In 21st century America, most of us travel and change residence frequently. It would be nice to have our medical records be as portable as we are. Most of us use computers every day and couldn’t imagine life without the Internet. We also recognize the benefits of aggregating millions of data points to bring about more medical knowledge, better research and ultimately better health outcomes for everybody. So why is it that most people surveyed are as uncomfortable with EHR and HIE as Farmer John was with banks two hundred years ago?
In Health Care today we are at the “daily bank robbery” stage. It seems that every day another laptop loaded with clinical data is stolen, or a hospital computer system is breached. On top of that there is very little government assurance (HIPAA) that those holding our medical records should act responsibly and not use our personal records for “getting rich quickly” schemes while possibly inconveniencing, or even harming, us in the process. So before Farmer John can bring himself to deposit his medical records with an HIE, he needs evidence that not every fifteen year old with a gun (hacker) can easily avail himself of any records he chooses to have. Security of electronic medical information must be of Fort Knox quality. This is not currently the case when all sorts of unencrypted laptops and portable storage devices are floating around in employees’ cars and homes, and most hospitals and clinics have nothing in place even remotely resembling the security of financial systems.
When you deposit your valuables in a bank safety deposit box, banks are prohibited from peeking into your box, making lists of your possessions and sharing that information, unless required by law. When it comes to medical records, aggregators may hire a person familiar with statistics to attest that sufficient data elements were removed from personal records before a sale of information takes place, so only a “very small” risk of identifying the owner remains (HIPAA § 164.514), and there is no requirement for public disclosure of these shady transactions. EHR data sets are very rich with personal, not just medical, information and are worth many billions of dollars. Selling records to marketers, employers, “wellness companies”, insurers, pharmaceutical and device corporations should be explicitly prohibited by enforceable legislation. Aggregators of medical records should be allowed to modestly profit from supplying data to non-profit research institutions, and just like banks pay interest to those facilitating bank profits, medical records aggregators should share profits with Farmer John, either directly or by reimbursing providers for electronic data collection. And no, free software is not nearly enough compensation. Furthermore, any and all dealings and data exchanges should be fully transparent to the customer who chooses to deposit records with a particular aggregator. If Farmer John does not approve of an HIE’s policies and transactions, he should have the ability to take his medical records elsewhere. We need to know that our records are properly guarded and that we are the ultimate decision makers when it comes to their utilization. Public trust will follow.
Trust is not built in a day and trust is not created in complete darkness and trust will not come about without concrete evidence that trust is possible. Asking people to trust their life records to an unnamed chain of software vendors operating with no legally enforceable regulations, while the headline news is chock-full of medical records robbery announcements, is very similar to Jesse James requesting Farmer John to deposit his life savings at the rickety bank he is about to rob. Talk is cheap and Americans are smarter than that. Like Jesse James, I am from Missouri, so “Show Me” trustworthy conduct and I will trust.