March 29, 2011|Categories: Healthcare Policy and Reform
Data breaches involving celebrities like Britney Spears or Maria Shriver tend to grab the headlines, especially when they lead to indictments for selling the information to media outlets. Those high-profile breaches represent the most visible aspects of data privacy concerns but there are several other wide-ranging and important issues to consider.
While not nearly as likely to garner attention as the stolen medical history of a pop star, a federal advisory committee to the ONC, known as the “Tiger Team,” has adopted the principle of provider accountability for privacy and has made useful recommendations on Fair Information Practices. The committee is also considering whether patients should have more granular control over how and when their health information is disclosed and used. The ONC should consider that if these recommendations are enabled, they could impair consumer goals of availability and access without a lot of payoff on privacy. Patient access to, and input on, their health records is an important privacy and security objective but it can be accomplished without restricting the development of national health information exchange.
Despite the shortcomings of some providers, granular patient control over the movement of health information is not the answer. It overburdens patients and takes the focus off of the more critical patient concerns of availability and access. Under many consumer-directed health care programs, patients are expected to become independent actuaries analyzing their ongoing health care needs and payment patterns. Now we would expect them to be technology and privacy experts directing the flow of their health information.
For example, what if an ATM asked whether you want your information on Cirrus to go to a server across the country before the information is transmitted back to your bank, and it gave you the option to refuse, requiring that Cirrus adopt an alternative workflow? Cirrus would not have been able to build the network giving you access to your money from ATMs around the country.
Relying on consumers to make such nuanced decisions about topics on which most have little knowledge has been expertly analyzed by Cass Sunstein and Richard Thaler in their book on choices and influence, “Nudge: Improving Decisions About Health, Wealth and Happiness.”
Professional health care experts should ensure that health information exchange is done in a privacy-protective and secure manner. Policy should empower doctors and caregivers who control health information exchange to enable responsible decisions on behalf of patients and to help educate them. Patients, on the other hand, should be given clear, easy-to-use methods to access, review, and correct their health records, and to communicate with their caregivers about their health records. Caregivers and patients must also be given the tools to accomplish this with clear, privacy-protective federal standards that fully preempt state law. The patchwork of requirements in the 50 states that often conflict with federal standards obscures the fundamentals for provider accountability.
Nationally-applicable policies not vulnerable to state override are needed to affirmatively protect privacy. Doctors and others in the health care supply chain need to understand them and administer them evenly across national networks. Opt-out should be provided to patients, but only in a manner that does not inhibit the development and effective operation of a national health information network. Patients deserve to have availability and privacy. They shouldn’t be forced to choose between them.