Junkfood Science: Your secret's save with us — more electronic health information news

November 12, 2008

Your secret's save with us — more electronic health information news

Two stunning stories came out today from the federal advisory committee formulating the government’s action plan for accelerating the adoption of a national electronic health database (Health IT). The American Health Information Community’s final meeting was today.

First, Health and Human Services Secretary Mike Leavitt announced that a new pilot project called Medicare PHR Choice will target seniors on Medicare in Arizona and Utah.

These elderly beneficiaries will be encouraged to provide their personal health and lifestyle information to online electronic personal health records, which will be able to integrate their medical records, pharmacy records and other sources of health information. These PHR companies will provide health management tools, select health information for them, and exchange their information electronically between physicians, pharmacies, and other providers. Medicare will also automatically upload up to two years of the seniors’ claims data into the PHR, if desired.

But here is the disturbing part: the choices of online personal health records the seniors can use are with young, private companies. These new private-public partnerships with Medicare include:

● Google Health


NoMoreClipboard.com (integrated with Google Health)

Passport MD

Will these seniors be warned that all of their personal information they voluntarily turn over to these private online services is not protected by any medical privacy protections? By voluntarily participating in these private PHRs, these seniors will be giving tacit permission for the companies to use all of their most private information in any way they wish and the seniors will have no recourse.

As noncovered entities from the federal HIPAA law (Health Insurance Portability and Accountability Act of 1996), such as it is, Google and the other private PHRs could share their information or sell it to anyone, including to the government, and use it for any purpose. This would enable the government to gather in-depth personal information about each senior’s lifestyle habits, medical and family histories, and health, which could be used for any purpose, to identify those for specific intervention or to determine or deny benefits.

Electronic records are of paramount importance, according to stakeholders at the Alliance for Health Reform conference, because it will allow the tracking of patients’ and doctors’ behaviors for their compliance with screening and prescriptions and care management; is essential for provider performance measures; and is key to enabling control over medical information reaching providers and consumers. These databases, filled with the most detailed information about beneficiaries, also hold tremendous commercial value, as well as potentials for abuse.

“Increasingly, consumers will be receiving an array of pitches and promotions and product offerings based on very sophisticated analytical assessments of their health information,” Jeff Chester, executive director of the Center for Digital Democracy, said to the Mercury News a few weeks ago. “This is an area rife with problems.”

HIPAA and privacy protections and consumer precautions were covered in depth here. It is important for seniors to understand the difference between a PHR company that tells them it is HIPAA compliant and one that is HIPAA covered. None of these private PHRs being promoted by Medicare are covered under HIPAA. They are only HIPAA compliant which offers no protections at all and the terms of use can be changed anytime, at the discretion of the company. Seniors may learn about the changes next time they log on, if they read the fine print “Terms of Use,” or maybe not. But once their information is electronic, it’s gone and out of their hands.

One of the ongoing concerns of these electronic health records businesses, such as Google, is that their business models are in constant flux, according to Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “They may say today there is no advertising,” for instance. “Once they are in possession of the medical data, they can change the business model.”

There is surprisingly little information about these private PHR companies on their websites, and even less about the people who will be managing the seniors’ health and health information. More is known about Google. A recent investigation of the top online companies by Privacy International found Google had the worst privacy practices and record for privacy protection of any internet-based company in the world. It wasn’t just a “substantial threat” to privacy, but the only company it found to actually be “hostile to privacy.”

Things aren’t going well

The second announcement that came out of the American Health Information Community meeting today was a report that surprised even the most ardent supporters behind the adoption of a national electronic health database. It’s popularly believed that individual physician practices are the slowest adopters of electronic medical records and that hospitals have more widely complied with them.

As reported by Government Health IT today, a new survey of American hospitals found that, in actuality, only 1.7% of hospitals use comprehensive electronic medical records. This report was delivered at the meeting by Dr. Ashish Jha of the Harvard University School of Public Health and Catherine DesRoches of the Massachusetts General Hospital Institute for Health Policy and described as “somewhat sobering.”

The hospital IT adoption survey, done in conjunction with the American Hospital Association, got responses from more than 3,000 U.S. non-federal hospitals, one of the largest samples ever, said DesRoches. While only 1.7% of the hospitals had systems in place in all hospital departments, such as ordering laboratory tests and discharge summaries; up to 12% had some minimal electronic system in place in at least one department. Functions that have been computerized in hospitals haven’t been integrated to work with each other, such as viewing lab tests, so as to create the comprehensive electronic health records as needed for transition to the national Health IT program. The survey also found that, like doctors, e-prescribing was also the biggest barrier at hospitals.

As GovHealthIT reported: “Leavitt expressed disappointment at the way the data was presented to the AHIC. ‘It belies the actual progress to simply measure those who have arrived” at the goal of comprehensive EHRs,’ he said.”

With the conclusion of the American Health Information Community, Secretary Leavitt also issued a press release today describing this advisory committee’s work. This body was created in 2005 to bring together 160 stakeholders in health IT and, after 25 public meetings and 176 workgroup meetings, it compiled 200 recommendations. These dispel any beliefs that government oversight is simple, streamlined or inexpensive. As Secretary Leavitt said:

Some of the accomplishments resulting from AHIC's recommendations include:

● The development of 26 priority areas to serve as the basis for the identification of standards, certification and networking of health information systems. The standards, efforts advanced by the Health Information Technology Standards Panel, have resulted in the advancement and recognition of 52 interoperablity standards for health care and public health. An additional 60 standards are expected to be recognized in January 2009. These standards, based on AHIC-recommended priority areas, will be used in all applicable federal systems and contracts as well as in recognized software certification processes for commercial systems.

● The development of a standards-based certification process for ensuring functionality, security and interoperability in electronic health records supported by the Certification Commission for Healthcare Information Technology. Since its inception, CCHIT has certified nearly 60 percent of inpatient EHR vendors representing more than 75 percent of that market and, it has certified more than 50 percent of vendors of ambulatory EHRS.

● The identification of needed outreach and incentives to spur the adoption of EHRs. Recommendations were set forth that enabled HHS' Centers for Medicare & Medicaid Services to identify 12 communities to participate in a national Medicare demonstration project that provides incentive payments to physicians for using certified electronic health records to improve the quality of patient care…

● The development of a nationwide survey methodology and analysis of the survey data using a standardized definition of adoption that will serve as the basis and future standard to assess the rate of EHR adoption in hospitals and physician offices.

● Successful live demonstrations of the Nationwide Health Information Network. The NHIN is a "network of networks" that will arise from public-private collaboration on a standards-based infrastructure that will enable broad, secure information exchange. The initiative has advanced from prototype development to a successful first demonstration of national data exchange among select NHIN participants in September 2008. The NHIN will demonstrate additional data exchange capabilities in December 2008.

● The establishment of a dedicated Confidentiality, Privacy and Security Workgroup that addressed the needs for clear policies and procedures to ensure that appropriate privacy and security protections are developed and maintained for the electronic exchange of health care information. These recommendations will serve as the basis of a privacy and security framework for electronic health information exchange to be announced in December 2008.

The AHIC is now replaced with the “AHIC Successor Inc.,” a public-private partnership of stakeholders that was incorporated in July and will take these recommendations and put them into action to create a nationwide health information system in the United States.

© 2008 Sandy Szwarc

Bookmark and Share