Consumer-Mediated Health Information Exchanges: The 2012 ACMI Debate

Abstract

The American College of Medical Informatics (ACMI) sponsors periodic debates during the American Medical Informatics Fall Symposium to highlight important informatics issues of broad interest. In 2012, a panel debated the following topic: “Resolved: Health Information Exchange Organizations Should Shift Their Principal Focus to Consumer-Mediated Exchange in Order to Facilitate the Rapid Development of Effective, Scalable, and Sustainable Health Information Infrastructure.” Those supporting the proposition emphasized the need for consumer-controlled community repositories of electronic health records (health record banks) to address privacy, stakeholder cooperation, scalability, and sustainability. Those opposing the proposition emphasized that the current healthcare environment is so complex that development of consumer control will take time and that even then, consumers may not be able to mediate their information effectively. While privately, each discussant recognizes that there are many sides to this complex issue, each followed the debater’s tradition of taking an extreme position in order emphasize some of the polarizing aspects in the short time allotted them. In preparing this summary, we sought to convey the substance and spirit of the debate in printed form. Transcripts of the actual debate were edited for clarity, and appropriate supporting citations were added for the further edification of the reader.

Introduction

The American College of Medical Informatics (ACMI)¹ periodically sponsors a debate at the AMIA Annual Symposium that focuses on some informatics topic of national or international import. The debaters are ACMI fellows who take on the task as an educational service to the community and attempt to present balanced discussion that may at times be counter to their personal position on the topic.

This paper is based on a transcript of the session, which has been edited for clarity and to remove the colloquial language that is characteristic of oral presentations.

Introductory Remarks

The topic of the 2012 debate addresses the level of patient empowerment that is possible and desirable in health information exchanges (HIEs). HIEs have been discussed in the biomedical literature since at least 1957.[1] In the US, work on HIEs began in earnest in the early 2000s, with the primary focus on patient data exchanges between large healthcare institutions. These initial HIEs were usually provider-oriented regional arrangements, with very little patient involvement. However, the US patient empowerment movement, which began to gain notice in the mid-1970s [2], gained significant influence with the Health Records Act 1990, the Health Insurance Portability and Accountability Act of 1996, and the Data Protection Act of 1998—all of which addressed the issue of patient access to their own records.

The topic of the 2012 ACMI debate was “Resolved: Health Information Exchange Organization Should Shift Their Principal Focus to Consumer-Mediated Exchange in Order to Facilitate the Rapid Development of Effective, Scalable, and Sustainable Health Information Infrastructure.” The “pro” position was argued by Dr. William Yasnoff, the Managing Partner of National Health Information Infrastructure Advisors, and Dr. Latanya Sweeney, professor of Government and Technology in Residence at Harvard University. The “con” position was argued by Dr. John Halamka, Chief Information Officer and Dean of Technology, Harvard Medical School, and Dr. Mark Frisse, the Accenture Professor of Biomedical Informatics at Vanderbilt University.

The discussion that follows captures the comments of the 2012 debate and is divided into eight segments of presentation and rebuttal. Additional points are included that were made during a question-and-answer session with the audience after the debate’s completion.

Statement in Support of the Proposition

WILLIAM YASNOFF (WY)

The subject of this debate is health information infrastructure, which the 2001 National Committee on Vital and Health Statistics report, Information for Health, defines as “a comprehensive knowledge-based system capable of providing information to all who need it to make sound decisions about health.”[3]

The goal of the Health Information Infrastructure is the availability of comprehensive electronic patient records when and where needed. The word “comprehensive” is critical because most of the quality improvement and cost savings that we expect from Health Information Infrastructure will not come from converting our current silos of data into digital form, but rather from having more complete information on patients, particularly at the point of care. Accordingly, we need both fully electronic health records (the subject of the HITECH incentives) and a mechanism for aggregating all the records on a given patient in a particular place at a particular time. The HITECH Act provided over $500 million in funding to the states for the aggregation task.

According to the Office of the National Coordinator for Health Information Technology (ONC), HIE organizations are responsible for sharing health information electronically in accordance with nationally recognized standards.[4] When we add the resolution’s concept of “consumer-mediated exchange,” the result is what ONC refers to as “personally controlled health record platforms.”[4]

“Personally controlled” means that the consumer requests that specific health information be exchanged (this may be a standing request) and specifies with whom it is to be exchanged. Also, the consumer may annotate the information, enabling each consumer to enforce his or her own individual privacy requirements. This is consistent with the “download and transmit” requirement in Meaningful Use stage 2.

The resolution’s phrase “shift their principal focus” implies, correctly, that consumer-mediated exchange is not the current principal focus. At present, HIEs are generally intended to facilitate information exchange directly or indirectly from one health care provider organization to another, typically without the consumer’s knowledge or approval. In some cases, the consumer may opt out or opt in to the entire process but beyond that has little or no control.

Why is this important? Consider the last phrase in the resolution: “to facilitate the rapid development of effective, scalable, and sustainable Health Information Infrastructure.” At present, we are not moving rapidly towards this goal. The PCAST report from December of 2010 said, “HIE efforts through the states will not solve the fundamental need for data to be universally accessed, integrated, and understood while also being protected.”[5] A recent survey of 179 HIEs found that none met the authors’ definition of “comprehensive,” and just 13 met Meaningful Use stage 1 criteria. The authors therefore questioned whether Regional Health Information Organizations (RHIOs) in their current form can be “self-sustaining and effective in helping U.S. physicians and hospitals engage in robust HIE to improve the quality and efficiency of care.”[6]

The resolution’s use of the word “scalable” means that once implemented, an HIE should be expandable to larger populations, and ultimately the whole country. However, since the HIEs are not currently effective, scaling them would be counterproductive. By “sustainable,” the resolution implies that ongoing recurrent revenue should be sufficient to cover operations. The PCAST report states “The lack of a clear business case for communities to sustain HIEs over time remains a daunting challenge.”[5] Similarly, the previously cited HIE survey found only 6, or 3.4 percent, of 179 HIEs were self-reported as sustainable; objective audits might find an even lower rate.[6]

Our proposed solution is the creation of consumer-controlled community repositories of electronic health records, otherwise known as health record banks (HRBs).[7,8] This solves the key problems that are currently plaguing HIEs:

Privacy

Patient control allows each person to establish his or her own privacy policy. In this large and diverse country, this is the only privacy policy that every person can agree on.

Stakeholder cooperation

When patients requests their health care data, all stakeholders must provide such data under HIPAA, and they must provide them in electronic form, so the result is comprehensive records. Both privacy and stakeholder cooperation are essential for effectiveness.

Sustainability

Once you have the information together in one place under patient control, multiple business models are possible, operational costs are low and there are many opportunities to create value with the information. For example, you could have a “freemium” business model,[9] popular on the Internet, in which there is no cost for basic accounts; revenue comes mostly from optional apps and anonymized reports for researchers and policymakers. Sufficient revenue (shared with the consumer) is generated to provide ongoing permanent providers with subsidies for cloud-based electronic health records (EHRs). Note that in this business model, there is no need to assume or capture any healthcare cost savings.

Practical

Finally, this is practical to implement. Free EHRs can be offered to physicians in exchange for signing up patients for free health record bank accounts. This yields truly comprehensive electronic records through much higher adoption rates and rapid achievement of critical mass of patients, with a reasonable startup cost of $5–8 million and scalability through replication in other communities.

In summary, HIEs today are not on a path to success. By changing their focus to consumer-mediated HRBs, we can rapidly achieve an effective, scalable, and sustainable Health Information Infrastructure that provides comprehensive electronic patient records when and where needed.

REBUTTAL TO DR. YASNOFF’S STATEMENT

John Halamka (JH)

We all agree that the goal of ONC is to provide coordinated care, to improve population health, to measure public health. However, I will argue against a few of Dr. Yasnoff’s assertions.

First, do HRBs really exist? Google Health is gone. Uptake of Microsoft HealthVault is slow and many find it that it does not provide a highly usable experience.

Dr. Yasnoff states that creation of a sustainable, provider-centric HIE is very challenging. However, In December of 2011 the Centers for Medicare and Medicaid Services (CMS) approved funding for a provider-centric HIE. On October 16th of 2012, we went live with a fully sustainable provider-centric exchange connecting 5,000 providers in the State of Massachusetts. Each agreed to pay an amount equivalent to the value they would derive from the exchange. Interestingly enough, when we did a sensitivity analysis, we found that no patient was willing to pay for such a service. They expected the payer and the provider to coordinate care and provide this kind of function.

Dr. Yasnoff references the PCAST report several times. The PCAST report essentially contained recommendations related to three important concepts: provenance of data, metadata describing patients, and privacy flags. Meaningful Use Stage 2 actually incorporated those three recommendations into the standards that are required as part of the certification rule. So, in fact, to implement the PCAST goals, a patient-centric HIE is not required.

The story of my wife’s cancer diagnosis is informative here. She went to Partners HealthCare, a major Massachusetts health care delivery system, and received a diagnostic mammogram. That mammogram illustrated that she had something concerning going on in her left breast. She wanted to seek further care at another provider organization, Beth Israel Deaconess. She was told at that time, that there was no information superhighway in Massachusetts.

She visited the Health Information Management Department of Partners HealthCare and asked for her electronic record, and she was told that, for 25 cents a page, she would be getting paper that she would then drive to her next provider of care to deliver it. So, in fact, HIPAA does not require an electronic copy delivered to the patient unless the data are in electronic form.

On October 16th, the Massachusetts HIE went live, Governor Deval Patrick pushed my wife’s electronic record across Partners HealthCare, Beth Israel Deaconess, Harvard Pilgrim Health Care, a third-party aggregator of quality data, and a small solo practice in the western part of the state to prove that, within one year, we could achieve seamless provider-to-provider exchange, protecting privacy, and do it in a sustainable fashion.

So, in response to the resolution, we have an example of a rapidly developed, effective, scalable and sustainable HIE that did not require shifting to a consumer-mediated approach.

STATEMENT OPPOSING THE PROPOSITION

Mark Frisse (MF)

In taking rather polarizing perspectives on the proposition, our primary goal is to understand the important perspectives and questions that help frame the privacy debate in a way that will help individuals and society find the means by which information technology can be used in a manner consistent with expectations about the management of very personal information. This is a challenging task.

Privacy is not an add-on to technology or policy. It cannot always simply be layered on top of a database or appended to policies. It is a pervasive issue that touches on economics, philosophy, our notions of personal justice, and a wide range of other factors that are not often brought up systematically in scientific proceedings. Privacy is at the core of the matter. It is central to every personal transaction among individuals or organizations. Although these issues extend into every aspect of modern life, we restrict our argument to privacy of health information. There are many reasons why we have disagreements, and I am going to go through some of these in an effort to respond to Dr. Yasnoff’s points.

We can begin by understanding that technology is necessary but not sufficient for enforcing medical privacy expectations. Through an ONC-funded project and other efforts, my associates and I have been trying explicitly to encode policies and laws into logical statements that can, in turn, lead to executable code operating on health data. These efforts are challenging and critical to the informatics agenda, yet with the exception of work reported in a few papers in JAMIA and a few conference proceedings, privacy seems to be an orphan in the field of medical informatics. I believe that both consent and privacy policy enforcement are foundations for accountable care, data sharing, and every other activity essential to a trusted learning healthcare system.

Health information exchanges as organizations were an early testing ground for accommodating privacy preferences. I participated in the creation of such an enterprise in Memphis, Tennessee. Our data sharing agreements and privacy policies were based on contemporary documents from the Markle Foundation’s Connecting for Health Initiative. We found that trust was essential and that addressing issues of secondary use or exceptions – including some required by recent federal rules – would have been problematic.

In the Memphis exchange, we found that about one percent of the patients chose to opt out. What was ironic to me was we have all this debate about privacy protection, but when patients in Memphis opted out of our newly created clinical health information exchange, I fear these individuals thought they were opting out of every use of their data. Opting out of the health information exchange did not prevent many downstream uses of health data that were bought and sold on commercial markets. Opting out, therefore, is an incomplete remedy for assuring the realization of one’s privacy expectations.

Change takes time. What seems impossible or impractical at one instant may later become commonplace. Emerging technologies often require five or more years for buyers and sellers to understand their value before they can become incorporated into a market. Many retrospective expert analyses raise despair about the financial viability of health information exchange activities. But similar pessimistic predictions have been made about the telegraph, the telephone, personal computers, and almost every other disruptive innovation that now plays a prominent role in our lives.

Admittedly, many state health information exchanges are not getting traction, but other models – particularly those based on clinically integrated networks, accountable care organizations, and other forms of collaboration – are incorporating many principles that make them, functionally, health information exchanges. Currently, organizations are less focused on regional or statewide exchanges and far more focused on the latter forms I have mentioned. Each of these forms requires the same attention to personal privacy protection and policy enforcement.

I now turn my attention the specific terms used in the proposition.

Shift

One may suspect that “shift” implies a gradual and evolutionary change. But sometimes dramatic and abrupt shifts force change that taxes cultural norms. Examples of such shifts would include the introduction of accountable care organizations, post-discharge care coordination programs, Meaningful Use standards, and many other external factors that provide new incentives for parties to exchange information. Perhaps things will shift entirely into the approach promulgated by the proponents. I would welcome such a change if it were emergent and not yet-another top-down mandate. But I do not think things can move quickly and therefore the proposition very much depends on what we mean about the rate of change implied by the word “shift.”

Consumer-Mediated

The definition of “consumer” is elusive. Is a consumer the same as a patient? Are the preferences of consumers or patients static? I suspect not, because when one receives care regularly within a healthcare system, one’s behavior changes. As one passes through phases of serious or chronic illness, preferences made while healthy may no longer apply. My family is currently on such a journey facing a terminal illness in someone we love greatly. Most of what we believed prior to this crisis was thrown out the window. Our understanding and preferences change as a result of what we experience.

As you know, in “informed consent” people don’t really quite know what they are consenting to. Efforts to simulate future events – through videos or other means – might help with medical informed consent and with a realistic view of medical privacy. Can I really trace my consent to see where my data go and the real implications of them doing so? How do I change my preferences and assure that my change repudiates past privacy preferences? At best, our complex healthcare delivery and financing systems create a labyrinth of data in which the fate of our personal health information often cannot be discerned.

Rapid

As Dr. Halamka says, you can build different forms of health information organizations or different forms of health information exchanges among trusted participants almost immediately. Indeed, I can argue exchange takes place any time my physician is asked to fax a portion of my medical record with my consent. The fax, like other common means of communication, may be rapid but fax patterns are not accountable; individuals cannot easily obtain a trace of where their data were sent and for what purposes. A consumer-mediated approach would alleviate that concern, but such introductions would not be widely adopted rapidly. Innovation can happen only so quickly. Culture trumps both strategy and good intentions. The key to “rapid” has more to do with public perception and participation than it does with proclamation.

Scalable

Scalability depends on how components are organized and how they are used. I would argue that many health information exchange propositions based on highly-granular consent methods are so complex that they will collapse under their own weight. Instances where they do not might be due to individuals entrusting the management of their health information to one or more third parties. This may add scalability but it also adds complexity. If one wants to trust a third party, one’s primary-care practitioner might be the ideal candidate; this is the argument made by Dr. Halamka.

Sustainable

The idea here is to monetize information and the arguments in favor of this are plausible. But the pace at which sustainability can be reached is not certain. There remains an opportunity for fraud and theft. It will take time and carefully studied pilots to see if the proponents’ approach meets societal expectations.

I agree with their motivation but it is difficult for me to be certain that organizations combine policies, technology, informatics, and economics to assure trust. Drawing on Helen Nissenbaum’s approach,[10] I would take the view that it is not so much who owns my data, but whether the use of my data is consistent with personal expectations or social norms. It’s not a matter of collection; cameras are everywhere. It is not a matter of aggregation; some aggregation is in the public interest. Rather, it is potential misuse of our incredible ability to collect and aggregate data.

I would also argue that we must not address only privacy rights; we must address our responsibilities to be accountable for health care services that we use but for which we do not pay. Most of us do not pay for our entire health care. Others pay for it. All of us – including me – have some accountability to rationalize how healthcare dollars are spent. For example, if I have active tuberculosis, I don’t like the idea that it’s my libertarian right to just cough all over you and nobody needs to intervene. Our privacy rights are bounded by social responsibilities, but these responsibilities vary across organizations, across the country, and across the world.

Finally, I ask again whether the alternative proposed by the Proponents is tractable; does it really meet the desired ends? Is it self-contradictory? Do we have any faith at all that such a dramatic reframing will not bring promising healthcare technology efforts to a grinding halt? And so, like Dr. Halamka, I tend to favor a broader consumer role but in the context of privacy and provider-mediated exchanges. I would like to see more flexibility, but in the general case, I think the vast majority of people would just like to tweak the system, clip off the tails, and do nothing more.

REBUTTAL TO DR. FRISSE’S STATEMENT

WY

First, I would like to address specifically what Dr. Halamka said about HIPAA and electronic copies, repeating a very common myth. Having worked in the office at the Department of Health and Human Services (HHS) that wrote the HIPAA regulation, I want reference the text of Section 164.524(c)(2)(i) of the original privacy rule that addresses patients requesting their records: “The covered entity must provide the individual with access to the protected health information in the form or format requested by the individual, if it is readily producible in such form or format.” Under Meaningful Use, it is readily producible if there are electronic records, and therefore, it must be electronic. The idea that one can respond to a HIPAA request with paper if there are electronic records is not consistent with the regulation.

Second, just because this approach has already failed in certain cases doesn’t mean the idea of health record banks is not viable. Certainly, Google Health failed. However, Google Health had four key problems:

Trust

Who is going to trust Google with their health records?

National Scope

National scope interferes with obtaining a critical mass of records needed for value, because having a small fraction of someone’s medical records has no value. For example, having 50 percent of a patient’s medication history has no value. A provider must still ask the patient about medications.

EHR Subsidies

Google failed to address the need for EHR subsidies to ensure the data are electronic: Even if Google or Microsoft’s HealthVault had the capability to access every piece of electronic data in the country, it wouldn’t necessarily be helpful because most of the data are still on paper.

Business Model

Google’s business model for Google Health was the same as the business model for Google itself, which is based on revenue from advertising. While some people will be looking at their records in a health record bank, mostly people will not.

All these issues can all be addressed with a more effective health record bank model.

Our distinguished colleagues assert that the model we are proposing is unproven. While we agree, the HIE model that is being pursued today has been disproven. After years of work, it has failed repeatedly. It failed in Santa Barbara, CareSpark in Tennessee, in Pennsylvania, California, and others. The landscape is littered with failures. Very few are even partially successful, and even Judy Murphy’s wonderful keynote yesterday, which presented a very optimistic assessment of what was going on, showed statistics indicating that very little data are actually being exchanged.[11] If there were a proven solution, we wouldn’t be having this discussion. As a consequence, we must by definition try something that’s unproven.

Sustainability

Health record banks may be operated at very low cost, $6 to $8 per person per year, and have multiple revenue sources including apps, advertising, and anonymized reports with permission for reuse. HIEs have no established long-term business model to deliver comprehensive information, and those very few HIEs that are sustainable in their current form are not delivering comprehensive information. What about the idea that patients will not pay for apps? It is true that no one has proven that patients will pay for these kinds of apps. However, according to Mobclix, the average cellphone user is generating $17 per month in revenue from apps.[12] Our estimate is that just $16 a year in revenue is sufficient to operate a health record bank. One example is a “peace of mind” app: if a patient’s health record bank account is accessed by an emergency physician, the patient’s loved ones are immediately notified. I believe most people will gladly pay $20/year for this.

The PCAST solution

The PCAST solution of metadata tagging has serious problems. Once you add metadata tags with privacy preferences, assuming the data can somehow protect themselves when they are released (which is dubious), these preferences cannot be changed. Furthermore, the idea that such a digital rights management (DRM) approach would work with medical records really does not stand up to the test of reality. DRM was tried unsuccessfully with music and movies.. In each of those domains, there is just one data type and one permission. Medical records are much too complicated for DRM.

Assuring comprehensive records

A key problem with HIEs is that they do not force stakeholder cooperation. In contrast, health record banks accomplish this through the involvement of the patients. HIEs also do not force all the records to be electronic. Even the most optimistic estimates of EHR penetration indicate only 50 percent physician adoption by 2014 or 2015, which clearly does not result in fully electronic information.

STATEMENT SUPPORTING THE PROPOSITION

Latanya Sweeney (LS)

Dr. Halamka mentioned Massachusetts, so let me start by saying that my team is also in Massachusetts and has interviewed members of the Google Health team. Relying on an eyes-on-page business case is one of the reasons Google Health failed; most people do not visit their health information frequently.

We have introduced a new research project called MyDataCan that helps individuals manage access to their own personal data. The goal is not just health data but to focus on providing apps that use data across all the silos of personal health information. We want a person to be able to improve his life using his own data. In order to do so, a person needs access to the full spectrum of his personal information.

My colleagues at MIT and Northeastern have already shown some dramatic results combining personal health information with financial and phone data, for example. MyDataCan also promises long-term sustainability. As Dr. Yasnoff pointed out, something on the order of $16 a year in app revenues per user should be sufficient to sustain the system; this amount seems nominal.

Efforts like MyDataCan can also help in sharing personal health information for many worthy purposes. In fact, consumer-mediated (or patient-mediated) exchanges of personal health information, like MyDataCan, resolve the very trust issues that HIEs cannot resolve themselves. I will quickly review six of these issues

Provider Liability

A primary goal of an HIE is to support the reuse of test results, because doing so could eliminate unnecessary duplicate testing and thereby reduce cost. To accomplish this, the source of the test result must be reputable. The image cannot be modified. The results must be accurate and associated with the correct patient. We already certify laboratory test results and the experts who source these reports. We can have them use digital signatures to preserve the integrity of the contents to verify they are being sourced from the expert or laboratory, but the complication of provider liability remains. Credentials are not the same as trustworthy relationships. If a provider acts on the results she gets from an HIE, even in part, she increases her malpractice liability. Providers tend to trust specific experts and laboratory tests based on personal and professional relationships. When a provider accesses results from an HIE, the information on which she will base decisions may be derived from relatively unknown experts.

Now consider consumer-mediated exchange. When a patient grants electronic access to his digitally signed test results, the provider reduces her liability because the patient now attests that these are the digitally signed results and decisions made by the provider based on the results is borne in part by the patient. In summary, HIEs can introduce errors and chain of custody problems that increase the malpractice liability of providers, but under patient mediation, this liability goes away.

Data Correctness

There are variations in the design of HIEs, but fundamentally, an HIE passes health data from one party to another, such as from a laboratory to a provider, from a hospital to a provider, and so on. Some designs hold the data centrally, and others merely move the data between repositories. A critical problem in all these HIE designs is propagating corrections or updated information. A provider cannot know whether she is working with old or incorrect data that were subsequently corrected at its source or elsewhere. Suppose Dr. Alice writes a prescription for a patient. The information forwards to the HIE. Dr. Bob, the specialist, downloads the prescription information as part of his involvement in the patient’s care. When the patient arrives at the pharmacy, the pharmacist communicates with Dr. Alice about a drug interaction problem, and Dr. Alice verbally agrees to the changed prescription. The original prescription that forwarded on to the HIE is now incorrect. If the updated prescription forwards, it would likely append to the information, appearing as a second prescription not replacing the first.

Now consider consumer-mediated exchange. Because the patient is the focal point of information collection and sharing, updates and corrections can be proactively promulgated to those active in his treatment. There is no need to send update notices to all prior data recipients, only to those active in his care, and the information can be provided and reviewed for just-in-time care decisions. In summary, HIEs do not propagate updated information or notifications of changes to earlier recipients of data, and if an HIE were to do so, it would risk ending up with multiple unresolved entries. But under a patient-centered model, corrected information resolves locally and is efficiently shared.

Identity Management

An HIE has to match patient information automatically from many sources. Knowing to which patient a piece of information refers is difficult. At first glance, you might think Social Security numbers are the answer because each patient should have one. But not everyone covered may have a Social Security number and insurance companies often associate the Social Security number of the primary policyholder to others listed on the same policy. This makes Social Security numbers unreliable in family member medical records.

Using names and dates of birth to resolve family members can cause collisions because names and dates of births (among twins and multiple births) within families are not necessarily unique. HIEs tend to use ad hoc schemes based on combinations of names, addresses, and birthdays, without actually knowing whether the combination they request is sufficiently unique or accounting for the temporal nature of address changes.

Now consider consumer-mediated exchange. Information organized by the patient allows the patient to disambiguate and identify which piece of information belongs to whom and to signal about missing data. In summary, HIEs may mismatch data to patients, but under patient mediation, patients can help in these situations by vetting data as accurately belonging or as being missing.

Data Segmentation

HIEs are required by law to segment some forms of data that the law considers sensitive. An example is HIV status. The intent of the law is to provide patients with some additional privacy protection by sequestering specific data. It operates under the belief that not every provider needs to know all of the patient’s information, so the law dictates which information is so sensitive that it must be segmented from the rest. The complication for an HIE is knowing what data to suppress or segment, because other data can lead to the inference of what was supposed to have been suppressed by law.

For example, suppose we do not want to reveal that a person has HIV, so we might suppress the diagnosis of AIDS. Then after some thought, we might realize we should also suppress the prescription for azidothymidine (AZT). Are there other pieces of information that may imply the patient has HIV? For example, the specialties of his doctors or the appearance of a pattern of specific tests can also imply a patient has HIV, and those combinations of information may not be redacted. Locating all items that could lead to such inferences is difficult, and missing them may leak information and thereby increase liability.

Now consider consumer-mediated exchange. Allowing a patient to select what information he wants to sequester not only improves his satisfaction, since any two people may not agree on which pieces of information are sensitive, but also leaves the inference problem to the patient, which is beneficial because what a patient decides to share is fine by law. A patient does not have to enforce segmentation requirements. If a patient decides to withhold critical information for his care, then the provider has no liability. In summary, HIEs are required by law to segment sensitive data, but under patient mediation, patients can make independent sharing decisions.

Data Completeness

A promise of HIEs is to use consolidated information over time and across providers to improve medical decision-making for the patient. When presenting a medical timeline for a patient, how does a provider know whether the HIE presentation of history is missing information? The consequences to patients can be devastating.

For example, a 24-year-old woman, Eve, sees Dr. Faye after her obstetrician noted a murmur on a prenatal examination in her 21st week of pregnancy. She denies any symptoms and reports no history of allergies. The HIE delivers prior medical information for Eve that reports a filled pharmacy prescription for penicillin with no other encounters until the pregnancy.

Dr. Faye recommends an endocarditis prophylaxis and prescribes Biocef, to be taken orally. Life-threatening complications result because Eve did not remember, and Dr. Faye did not know, that Eve has a penicillin allergy with an immediate hypersensitivity reaction even though the HIE summary included a prior prescription for penicillin. What was missing was a visit to the emergency room shortly after the penicillin prescription was filled.

In summary, HIEs cannot know what they do not know. Under a patient centered model, patients can review and comment on data, including missing data and patients have a vested interest in doing so.

Sharing Data Beyond the Patient’s Care

The business model to sustain most HIEs remains uncertain. The most likely possibility is the sale of patient data to generate revenues. If so, this will cause a dramatic increase in the risk of economic harms to individuals. Worse, there is no way of knowing to whom an HIE gave or sold data. Virtually no HIE is a government entity, and therefore one cannot even issue a Freedom of Information request to know to whom data were given or sold. Examples of the nature and harms of hidden data sharing can be viewed at theDataMap.org. This website attempts to document all the places patient information flows and identifies resulting risks and harms to individuals. The depiction of data sharing before and after the promulgation of HIPAA reveals a dramatic increase in sharing, while the results of re-identification experiments exposes the risks. With HIEs coming on board, industry experts estimate the sale of patient information to be a $2 billion market this year, and growing to $10 billion within 5 years.

In summary, data sharing with HIEs is hidden from patients who can suffer real harms from the sharing. Under a patient-centered model, patients are involved in sharing and can therefore know to whom data are shared or sold, making potential harms more transparent.

REBUTTAL TO DR. SWEENY’S STATEMENT

MF

HIE is a verb, not a noun. It is an economic model. It is an exchange between buyers and sellers. It is an immature market. It is all churning and changing; reviews critical of HIEs should not be taken as the final word about the need for data exchange. I will accept that the HIE organizational form as we have generally seen it has failed. But to dismiss exchange completely would be throwing out the baby with the bathwater. HIE is fundamentally different today. HIE, as the verb, is a foundation for accountable care organizations, clinically integrated networks, and many means of interacting with clinicians, patients, and health plans. That is HIE today.

Not only is it important to think about this new market and opportunity, it is important to exchange both clinical and administrative data. Exchanging clinical data only is a bit of a Potemkin village and risks ignoring the use – and misuse – of administrative data. So much of how we use data is driven by costs, benefits, and simple economics. The health record banks may be a good way to achieve our common aims.

I would like now to return to the points in Dr. Sweeney’s statement.

Provider Liability

Provider liability can be addressed. Most of the providers I know honor even more rigidly their Hippocratic Oath in exchange for a more complete data set to ensure proper care. No matter how we manage privacy, we must bring more information to the point of care and ensure that providers no longer have to fly in the dark.

Data Correctness

Propagating corrections to data is complicated. It is not clear how we can assure such propagation, even with a consumer-mediated exchange.

Identity Management

We built our HIE system in Memphis so that clinicians could disambiguate identities by associating every data item with a specific demographic profile. But we encountered only vanishingly small numbers of data matching problems. Every argument that my opponent has made is a valid argument, but there are other ways of addressing each of these within our current system while we try to evolve to a greater patient-directed presence.

Data Segmentation

Let us go back to the Hippocratic Oath and the preferences for practitioners to have access to more data but to trust them to honor privacy concerns. Segmentation may help with some of the anonymization issues and mitigate risks of re-identification. In my view the challenge of re-identification always exists, and certainly in the general exchange setting, every text report may conceal within it something that would be held private in a data segmentation approach. I advise that unless one is certain of the use of text reports, if one wants to protect any secret, one should simply try to opt out of everything – or simply trust the providers who have access to PHI.

Data Completeness

Patients can make errors too! I can articulate preferences that are not really what I wanted to have done. Our preferences change as our circumstance and understanding change. You cannot possibly understand what you are getting into when you are a consumer until you become a patient facing a serious illness. When you become a patient, you may not have the necessary clarity of mind to alter your privacy preferences. At these times, one must rely on the concept of the trusted intermediary again.

Sharing Data Beyond the Patient’s Care

Data monetization is an enormous issue where boundaries are necessary. There are limits that we all agree upon—some reasonable use of our medical data. It is the extremes, such as the secret use of our data, that disturb. I therefore like Dr. Sweeney’s most recent project, where one gets the idea that each data item is associated with a “tracer” that tells us where the individual’s information goes. A comprehensive understanding of this idea would advance the public debate.

But as long as I am expecting my health care to be paid for by somebody else, I have an obligation to provide fiduciaries with some access to my data. In one sense, I am monetizing my own data in that I profit by receiving coverage I do not directly pay for. I am getting a good deal in that. If I buy more of something (such as a redundant test) because I think that it is good for me, again, I should in some way be accountable. My patterns will not be known if someone in authority doesn’t know what I am doing with resources. I should not be able just to opt out of that accountability.

But, if I am a libertarian and paying for it all, then that is a different argument. We have tried to honor this spirit in the new laws where services delivered but paid for in cash do not require disclosure. Technically, this is a challenge to implement through current hospital systems technologies.

It is not simply that our health care system is dysfunctional (which it is). It is not so much that it is hard to navigate inside that dysfunctional health care system. It is broader than any current care-delivery approach. If we do not address the fundamental economics–if we don’t align the public responsibility as a social good—the problem will persist.

What will exchange look like in the near future? I envision “clouds” of ACOs and clinically integrated networks, where there is a very tight trust of financial necessity with wide patient consent. How these clouds communicate is the issue. Perhaps the health record bank can serve as such an intermediary, assuring us of control when we migrate out of our normal care circumstances. I am merely arguing that this model is not the only approach. There are many ways of addressing these issues and I believe we will see an evolution over the next decade. I simply believe that an abrupt and radical change is inconsistent with usual societal behaviors.

STATEMENT OPPOSING THE PROPOSITION

JH

I actually completely agree with Dr. Yasnoff and Dr. Sweeney that I love the idea of patient-mediated exchange. From a privacy perspective, it is an excellent idea. Patient Centricity is what ONC wants and what we are working toward.

But remember the question that we are asked is about rapid development. I argue that development of patient-mediated exchanges will not be accomplished rapidly. Identity management on 300 million people is challenging. Imagine the challenge of issuing digital certificates to every citizen and identity-proofing every citizen. Providers are already dubious about HIE in general. If I tell them the patient is now going to receive the data, apply privacy preferences, and then forward the data, my providers will say, “Hmm, there’s a non-repudiated liability issue. Did they change the Tylenol No. 3 to Oxycontin?” We agree that patient centricity is a goal; ensuring data integrity will be required. As I mentioned, there is a lack of current products to support consumer-mediated exchange. We all hope that there are going to be mobile, modular, “datapaloozas” to fuel new products that run on your iPhone that do this, but such products do not exist yet.

We certainly found in our Massachusetts experience that it is easier to start with entity- or organizational-level exchange rather than individual-level exchange. When my wife’s record went from Partners HealthCare to Beth Israel Deaconess, there were only two certificates and two network nodes involved, because it was organization to organization. Now, obviously, once it arrived at the organization, internal processes put the record in association with the right patient. But think about the ease of doing what I just said: two nodes, two certificates, as opposed to 300 million identities to be managed. I would argue, as would my colleagues in the EHR industry, that today’s EHRs are designed for provider-to-provider data sharing. They are not yet creating this notion of an EHR going directly to a patient. So the products we have in place at the moment are more amenable to a provider-provider exchange. I will give four specific reasons why provider exchange can be developed more rapidly.

Simplicity

In Massachusetts, we recognized that of our about 20,000 providers, 5,000 were affiliated with large organizations such as Partners Healthcare and Lahey Clinic. We contracted with a firm to build an appliance that is connected to the network and offers six simple ways of getting information: Secure File Transfer Protocol (SFTP), copying over shared network drive, Representational State Transfer (REST), Health Level 7 (HL7), Transmission Control Protocol/Internet Protocol (TCP/IP) and Simple Object Access Protocol (SOAP). This did not require any reengineering of existing EHR products to do provider-to-provider exchange. Our trust fabric was simple. We hired Symantec to do certificate issuance and revocation on the major provider-entity organizations in Massachusetts. This turned out to involve 5,000 providers in big organizations. When we included the midsize organizations and a couple of small practices, we needed about 500 certificates to cover the whole state with 7 million patients.

Provider-Mediated Exchanges Already Exist

You can cite the early examples of Santa Barbara, but that is like saying that in 1874, the automobile did not work very well. But now we are driving Priuses. Ashish Jha published a paper in which he reviewed every existing HIE in the country[6] and concluded that there is an amazing rise of private HIE because of the need for accountable care organizations. Global capitated risk is forcing the creation of fully sustainable, rapidly developed, provider-to-provider exchange. As Dr. Frisse said, we now are seeing a realignment of incentives to do the exchange. People are incented to share data. We have examples in Massachusetts and Indiana. There are some public HIEs that are working very well and are sustainable, but the real rise of the private, provider-based HIE seems to be the trend.

Policy

How do we send data from place to place today? There is a great deal of paper and faxing. How do we actually handle that from a policy perspective? We ask patients to sign a consent to disclose, and then we push their data in some - usually nonelectronic - way. Provider-to-provider exchange in Massachusetts actually just replaces the fax machine with a set of network operations. It did not require any policy change. In fact, it did not really require any workflow change. All we did was disconnect the fax machine and put an appliance in its place. It already exists. Policy doesn’t need to be changed.

Stewardship

Existing EHRs and PHRs support collecting data from across endpoints in the community in what I will call the patient-centered medical electronic home. At Beth Israel-Deaconess, I can aggregate and normalize information and place it in the patient’s PHR for him or her to view. We have achieved great satisfaction by taking data from multiple sources and giving them to the patient to view without requiring patients to be the stewards of their own data.

Let me tell you a story about my mother, who consented to release her medication information to you. She recently broke her hip in a fall in Los Angeles. I found that the hospital had placed her on 22 medications when in fact she takes only two. I asked “As a provider, can I have her medication list, so I can correct it?” They said, “No. We want to be very patient-centric. We need your mother to consent and be the steward of her own data transmission.” But wait! She has been given 22 medications, and her mental status is completely altered. She cannot be the steward of her own data. I actually had to go to the Case Management Department and convince them that provider-to-provider exchange was the only way around this policy quandary. Ultimately, I discontinued all of her medications, and within 12 hours, she was back to being able to be the steward of her own data.

I tell you this because I believe patient-centric, consumer-mediated exchange is good but that it is just not going to work in all circumstances. It will not be the preference of all individuals and there are going to be many cases where the individual cannot be the steward. So we should do both. I would argue that provider-centric exchange will be faster and will get to a foundation with provider-centric exchange that will enable the consumer-mediated exchange.

REBUTTAL TO DR. HALAMKA’S STATEMENT

LS

The idea that someone is not able to make decisions, is obviously taken care of in MyDataCan and other projects like it, and can even be done by the same mechanisms. One can go to case management to can get overriding cooperation.

One point mentioned several times has been that we want the exchange to be available now. MyDataCan is operational right now and can grow easily. It did not take ten years to get here; it took ten months. It did not require tens of millions of government dollars, and I have 1,200 physicians who would be happy to sign on if it were operational in their community. We are getting dramatic approval for patient control because it solves many problems quickly and easily.

Dr. Halamka raised the issue of information-hiding by patients. By having the source of the information digitally sign the information, we are guaranteed that the contents are not modified. A patient can annotate information, but cannot change the original content. Different models of these systems may have different features. In comparison, let me point out that patients already hide information from physicians. In two national surveys conducted by the California HealthCare Foundation, 13 to 17 percent of all patients admitted to information-hiding behaviors.[13]

With respect to private HIEs, there are serious problems with sharing information beyond the care of the patient. HIE business models often rely on the sale of patient data. As I mentioned earlier, virtually no HIE is actually a government entity, and therefore one cannot issue a request even to know to whom data were given or sold. Together, the lack of transparency and accountability poses a dangerous problem for individuals who can suffer economic losses. There is also no incentive for HIEs to work with each other. They just become larger silos of patient data. No longer will the largest silos be hospitals, they will be regional HIEs.

With respect to liability, such questions are reduced or eliminated with patient-controlled access. The liability of MyDataCan, the HIE, or some other entity is the same, so the real difference is pushing decision-making and access control to the patient. Doing so reduces liability.

Dr. Halamka mentioned trust. There is less trust needed for a system like a health record bank or a MyDataCan approach than is needed for an HIE because individuals are already making decisions. Since they are a part of the process, consent is implied. I agree that these models are not completely competitive with HIEs. They just seem better, and less prone to failure than HIEs. We can continue to struggle with these decade-old designs for HIEs, but with today’s technology, we have an opportunity to rethink them and do it right.

In summary, I would emphasize the following points:

Patients have more in the game, and we should leverage that. It is their health and their life. We should use that to offset the problems that we have seen in HIEs.

There is a problem of data correction. HIEs cannot reliably propagate changes, but a patient-centered model can proactively notify others of changes and can make sure the information presented to a provider is the most accurate.

There is the issue of identity management. Ad hoc guesses to match pieces of information to the right person are fraught with perils, but we can actually leverage individuals to vet their data and alert to missing data.

There is the issue of data segmentation. Federal law requires that some kinds of medical facts be protected. Doing so is actually extremely difficult, if not impossible, to implement through automated means, but turning certain tasks over to the patient allows fine-grain personal decision-making and the patient assumes the risk.

There is the issue of data completeness. Missing information can have dire results in the HIE model, but in the patient-centered model, patients can spot missing information and provide incomplete data with verbal annotation.

Lastly, there is the issue of sharing patient information beyond the care of the patient. Privately operating HIEs engage in data sharing that is hidden from patients, even though the patient can suffer serious economic harms. In the patient-centered model, the patient has knowledge of, and is a party to, the data sharing.

QUESTION AND ANSWER PERIOD

The above debate concluded with a question-and-answer period. Most of the questions from the audience were not captured verbatim in the session recording and have been paraphrased here. Participants are identified where possible and in those cases have approved the text of their questions and comments provided.

Attendee

What business models have been successful for HIEs?

JH

In Massachusetts, we looked at the value proposition to the stakeholders, including providers (especially those in global capitated risk contracts) and payers who had manual processes in which case managers were driving to hospitals to look at records. These stakeholders found a value proposition in getting data electronically. The cost of an appliance is about $8,000. We charged BlueCross $27,000 and we charged the big provider organizations two or three times the cost of the appliance, so that the smaller provider groups could get appliance for $1,000. Patients didn’t perceive any value so, in our view the payers, the providers, and the trusted third parties had value-added services. We never, ever sell patient data to anyone, so that was not part of our model.

WY

There are many business models possible. The business model we’re suggesting with apps assumes that many patients will not pay anything for any apps. If only a reasonable fraction of patients pay for a reasonable number of apps, which is all voluntary and optional, enough revenue is generated to pay for the system for everybody. To put the cost in perspective, our estimates are that a bank will cost $6 per person per year at scale, and the cost of providing cloud-based EHRs for every outpatient physician is $10 per patient per year. So, for $16 per person per year, a health record bank can be operated. That’s less than 0.2% of health care costs per person - a very modest amount.

Here is another perspective. The average cellphone bill in this country is $47. The cost of a health record bank is on the average a little bit over $1 a month, and the benefits from having comprehensive electronic patient information available when and where needed is probably worth more than that. I think this business model would be a relatively painless way to get patients to pay for a health record bank without requiring every patient to pay for it.

There are certain apps that the health plans would sponsor. For example, an app called Prevention Advisor would deliver reminders of needed preventive services. The reminders repeat until the patient actually gets the recommended care. It would be in the interest of payers to fund such an app, which is a better way of delivering value than insisting that the payers provide up front financial support.

Attendee

How active are patients once they sign up for MyDataCan?

LS

If a patient isn’t active at all, it’s exactly the same as an HIE. So, in other words, if the data are missing and they don’t say, “My data are missing,” then you didn’t gain any of the benefits on it. But also you don’t lose anything. Whatever bar the HIE sets, you just guarantee the opportunity to be better than that bar, rather than to say, “I need everybody to be on top of their data,” because not everybody is going to be on top of their data.

At Harvard, we are experiencing a very slow rollout for several reasons. The people who are currently using MyDataCan are primarily college students who don’t have much interest in medical information, because most of them are not particularly ill. But they are really interested in the kinds of things that they are able to learn from their medical data when they cross it with other things, like prediction. One app from MIT predicts severity of illness over time based on diet. If it notices from your GPS data that you keep eating at a fast food restaurant, it says “that is really not a good idea”. I am trivializing; it is actually far more interesting and sophisticated, but the point is that people are finding many uses for their data. So far, the young 20-somethings who are using MyDataCan are very excited about it and are very active.

MF

One of the challenges to continued active use is alignment of incentives. Using Dr. Sweeney’s example, when you drive a car safely, you get a discount. If you were to eat safely, how about a safe eating discount on your health insurance? Alas, we don’t have such a thing. So people can go to a fast food restaurant and smoke and do all kinds of horrible things, and they don’t recognize the consequence. It’s because of this lack of “skin in the game” that we’ve only seen about 25 percent adoption of PHRs.

WY

While we all agree that we would like to see all patients active in their health and in their medical care, and to access and be involved in their records, it’s not going to happen anytime soon. It may never happen.

A key advantage of the health record bank model is that all patients have to do is sign up and check off the default consents, which allow all their information to be available to all their current providers. In this way, even if they never do anything else, they still get the benefit from their information being collected and being available to all their providers; there can be huge benefits without any patient engagement.

Of course, patient engagement is great, and health record banks certainly facilitate patient engagement. Patients can check and interact with their records, but the basic benefits are not dependent on such engagement. People are busy and are not likely to pay much attention to such systems. All the available data show that we’re not going to get huge majorities of patients active in their personal health records anytime soon. Nevertheless, health record banks can still provide a benefit.

Attendee (Charles P. Friedman)

Do HIEs have consent issues that differ from those in record banks?

WY

Yes; the difference with the HIE relates to the privacy issue. HIEs are trying to move information without consent, which causes huge problems, and people don’t understand that their data are moving around without their consent. When they do, lawsuits against HIEs arise, as they have in Rhode Island. But the critical issue is stakeholder cooperation; HIEs depend on voluntary cooperation from the stakeholders, but they cannot be compelled to provide information. By engaging the patient to request the information, stakeholders are forced to provide it, which enables comprehensive information. Then, of course, there is the sustainability issue. HIEs are inherently more complex, cost more, and they’re more difficult to operate.

These are issues that are not going away, and these challenges have led to the discouraging results we’ve seen with the HIEs over many years. While it’s certainly true that you can create a mechanism to exchange data and you can create mechanisms for point-to-point exchange, these do not by themselves solve the problem of delivering comprehensive electronic patient records at the point of care.

When I started working on Health Information Infrastructure at HHS in 2002, the number of patients who got their care in the presence of their complete information was zero. Today, the number of patients who get their care with complete information is still zero.

JH

You actually raise a very important point. In Massachusetts, we have a state law called Chapter 305, which requires opt-in consent to disclose data. So, in fact, we do not exchange data unless there is patient consent ahead of time. The challenge and what we’re building as phase two, is to record consent in a centralized manner, so that provider-to-provider exchange with a central consent repository can be done more rapidly than the consumer-mediated exchange.

20LS

We are not talking about gross consent in these models; we are talking about fine-grained consent. You can have opt-out or a check the box that are similar to gross consent because you don’t want to be bothered, but you can also be more active and you can have more control. And you get the audit trail right there for you personally of all the places the data went, even if you weren’t actively engaged in it.

Dr. Frisse says that 25 percent of the patients will often take action in this study. So, we can set the same floor as we do for HIEs, but for the 25 percent of the patients who want to be more actively involved, we create an infrastructure for them to do so.

Attendee (Charles P. Friedman)

How do you handle patient identity?

JH

We’ve tried to constrain the problem a bit. How many Mary Smiths are there in Massachusetts? Thousands. How many Mary Smiths are there in a given provider’s practice? One or two. So by doing provider-to-provider-directed exchange, you constrain the number of matches of Mary Smith to a small number the provider has to look through. Probabilistic matching that looks at name, gender, date of birth, Social Security number (which we cannot use in Massachusetts), or other demographics, have proven to be effective. The magic bullet, because we’re still only achieving sensitivity and specificity in 99 percent or so, is a voluntary opt-in identifier. We all know that Bill Clinton signed an executive order actually preventing the U.S. from issuing a national health care identifier. So, in Massachusetts, we are seriously looking at the issuing of a direct address as a voluntary opt-in identifier for the patient, so that then when a provider-to-provider exchange occurs, we can also send a copy to the patient with a known identifier unique to them.

WY

With all due respect to the Europeans, a national unique identifier is not needed to solve this problem. Such a unique identifier is necessary to do provider-to-provider health information exchange because you’re drawing information from multiple sources about patients that have to be matched in real time. Without that unique identifier, the matching problem can’t be solved.

But health record banks don’t need to do that. Your credit cards have numbers that uniquely identify you to your credit card issuer, but are not nationally unique identifiers. The scope of those identifiers is limited to the credit card company. If you lose a card, they will invalidate that number and issue a new one. Health record banks would work the same way. The health record bank has an account number for you. The scope of that account number is only the health record bank. As data flow into the health record bank from various sources, an equivalence table is created mapping the HRB account number to the sources of the information. When a piece of information is received from a Mary Smith and the bank can’t figure out whose account it belongs in, it is held. It is not deposited in real time in whichever account the HRB thinks is the right one. Instead, human beings can call the provider, or even call Mary Smith, and figure out who she is and deposit her information into the right account. The deposits come in when the information is created, so it is not necessary to assemble the information in real time when it’s needed.

One of the big advantages of health record banks is that a unique identifier is not needed. This is important because, in the United States, we’re not likely to have such a unique identifier any time soon.

Attendee (Edward H. Shortliffe)

I am a little concerned that it may sound as though we are equating health record banks with PHRs and the Microsoft and Google experience. It seems very clear from many of the things Dr. Yasnoff said that there is an important set of organizational distinctions in the financial models and the role of patients. That said, there may be an impression that the health record bank notion is pretty abstract - a mental exercise. Can you talk about real examples, either in the U.S. or abroad, of HRBs being created and the experiences to date?

WY

There are four small health record banks operational in the U.S. at this time, all in Washington State. A study of Health Information Infrastructure in that state in 2006 [14] recommended health record banks to solve the health information infrastructure problem, and subsequent appropriations funded the development of several pilots. One of those pilots at Madigan Army Medical Center could solve the longstanding problem of DoD-VA connectivity. If the DoD and VA health systems would just deposit information about people into one place, they wouldn’t have to connect to each other. Internationally, there is a health record bank being developed in Rotterdam in The Netherlands, for all the reasons that have been stated: to solve the privacy problem, to ensure comprehensive information, and to give people control over their information.

If you survey consumers and ask them about consent, most consumers believe that their information is only being used with consent all the time. They believe that the HIPAA form that they sign at their physician’s office, which essentially notifies them that they have virtually no rights over their information and that it can be used without consent for treatment, payment, and operations, is actually a consent form. They presume that if they didn’t sign it, then their information couldn’t be used. Of course, that’s totally incorrect.

The real danger is that when consumers realize that all this exchange of health information is happening mostly without their knowledge and consent, there will be a political backlash, much like the one that occurred when the HIPAA law was enacted with the requirement for each person to have a national unique identifier. When HIPAA was debated, there were hearings in the House and the Senate, it was passed, the President signed it, and then the public found out that there was going to include a unique identifier. They said “no” to that; it wasn’t a huge percentage of Americans complaining about it, but there was an outcry and the unique identifier requirement was rescinded.

I fear that same backlash if we continue on the HIE path and do not give people the right to control their medical information that they had from the founding of our nation until 2002 when the HIPAA privacy rule was finalized.

MF

I just need to reiterate that if there’s a difference, it may be just in what we call an HIE or HIO. These capabilities have evolved significantly over the past few years and are now driven by accountable care systems more consistent with Dr. Halamka’s arguments. In every case, there needs to be a network or you’re out of business. I find many of the criticisms of the first generation RHIOs irrelevant to what I’m doing today. I think it’s important that you decide for yourself whether that’s the case.

JH

I didn’t mean to imply that Google or Microsoft HealthVault are fully mature health record banks. They were early examples of the sorts of features you would see that would evolve into a health record bank. I think we should start with provider-directed exchange and then add other products when they’re ready.

LS

I disagree with that. It’s very simple. If I had one one-hundredth or one one-thousandth of the resources that have been put into HIEs, it would be done without the need for HIEs.

Attendee

Is this technology particularly relevant for particular patient groups?

LS

Almost before MyDataCan was announced, we had a long list of companies who basically really believe that. I don’t know how many of you know the governor in New Jersey who won based on his weight loss. He blogged about it, and he had a huge number of followers. Many companies have seen that as an inspirational movement to change the status of health among group categories of Americans. They want to do these contests and similar interventions. A vehicle like MyDataCan becomes perfect for that. We may actually see how again the data are used to change people’s lives by putting it in a way that people can have access to it.

MF

I’m all for empowerment. I think it’s really exciting, but I think to just focus on rights and preferences without focusing on the transparency of how patients make informed decisions and have some responsibility to public health and to their own cost, exchange is merely automating narcissism. You’ve got to put it all in one package – clinical, administrative, responsibility. Let’s inform people about every aspect of our health care system that impacts the use of their personal health information.

JH

And our early experience in patient-family engagement is that a consumer likes to affiliate with a provider and then can ask the questions about their data to the provider, make appointments, renew prescriptions, and get referrals. So the idea of aggregating data provider-to-provider and then sharing them with patients and families and engaging them has worked well.

LS

I would just follow up on one thing, and that is what we really do see with all of the companies. We’ve had a tremendous volume of reaction to MyDataCan, more than we can process. Whether it’s from the research community or whether it’s from the commercial community, what I find fascinating about all of it is that it goes beyond the kind of vision that Dr. Halamka talked about. It’s not about provider to provider. It’s about some other group and your health data impacting your life. That’s very powerful and it’s something that cannot be achieved by only keeping the data locked among providers.