If you’ve read my previous posts, you know that I have a passion around interoperability. This is an area that I’ve worked in and around for the past 15 years. The tools, technology and the willingness to exchange patient data/information has greatly improved in many areas and lagged behind in others.
Records that Can Easily Be Exchanged/Shared
Based upon the most recent rules and regulations coming out of Washington, D.C., it’s apparent that there is a definitive focus on patient record sharing. Please don’t read this assuming I completely agree with some of the approaches that legislators and regulators have established. I think their intentions are noble, but the desire to be the lowest common denominator is setting a low threshold that many see as all they need to do; thus the reason for more and more regulations around “how” data/information should be shared. I’m more of a “tell me what you want to do” than “tell me how to do it” kind of guy.
I had the pleasure of being on a call last week with healthcare providers from around the world. The conversation was around the challenges of a remote workforce and quickly standing up an infrastructure that allows providers to virtually care for their patients. One provider mentioned that the hospital uses one EMR, while the physician practices use another, which makes it difficult to track if the patient has been tested for COVID-19. I’m not sure why it caught me by surprise, because this is the very issue healthcare has been dealing with for decades and one of the primary reasons that the industry is being herded toward this thing we call interoperability.
However, interoperability takes many forms. There are those who believe you can just share a C-CDA record and you’re done; while others are looking for more than just basic information exchange, and would like to see interoperability at the semantic level. Unfortunately, due to the manner in which our patient record solutions were organically grown, going back and retrofitting them to utilize a common vocabulary may be a taller order than we know. On the call mentioned above, one of the physicians stated that although they had a robust HIE, not all of the facilities sharing data were using the same LOINC code for COVID-19 testing, making it difficult at best to do accurate tracking and communication of testing between care locations. I found myself grinning as I remarked (to myself) that interoperability is not “just” about the technology; there are any number of barriers in getting it right.
Another component of interoperability is the requirement to ensure that we are exchanging/sharing data about the correct person. As many of you know, I am an advocate of a unique patient identifier. I’m aware that some will (and do) disagree with that approach for a variety of reasons; if you would like to post a comment either in support or to offer another opinion, I would welcome the dialog.
My name is really not that common, but I have been misidentified on more than one occasion. Several years ago, my wife received an email from a friend in Florida offering their condolences related to my passing. Like Mark Twain, the rumors of my death had been greatly exaggerated. On further review, we learned that she had seen what was thought to be my obituary on a website; we learned it was another Charles E. Christian who had lived about 45 miles north. The other interesting thing was that he was a senior, and shared the same name as his son and grandson. And so, within a 45-mile radius, there were four people with the same name, but different birth dates and ages.
There are many other examples I could share. For the sake of reading space, let’s just agree that this is really a patient safety issue, and not only an identity issue. Harm can occur when patient records are combined inappropriately, as well as when they are not combined at all. I’m reminded that many/most of the automated solutions that we have in place today grew out of patient billing systems; these were never really meant to share information outside of the implementing organization.
This brings me to patient privacy. From the onset of HIPAA, sharing patient information (PHI) inappropriately has been an issue. Early on, we worried about sending faxes to the wrong machine; now we have the ability to inappropriately share information at a much higher rate of efficiency.
As part of the current push for interoperability, there’s a desire to allow the patient to be the keeper/broker of their health information. I don’t disagree that any patient should have access to their health information from any source; however, I’m more of the mind to allow patients to direct trusted third parties (i.e. HIEs, etc.) to aggregate/normalize and securely share their health information appropriately with members of the care teams that either have or will have a treatment relationship with them.
You can call me a little parental, but it concerns me that we are providing the tools for patients to share data with whoever they choose, without them fully understanding the consequences of their actions. How many of us actually read each and every EULA (end user license agreement), privacy statement, or data use agreement? And how many of these agreements have been openly and knowingly broken, with little or no ramification? Once the patient releases their information, HIPAA no longer applies; it’s up to the FTC and other federal agencies to police the use and misuse of that information.
Just last week, we saw that in their need and haste to offer virtual visits to patients, providers learned that the Zoom platform was sharing session information with Facebook, even if the patient didn’t have a Facebook account — and without notifying the patient that the information was being shared. Luckily someone found it and Zoom was forced to change their code so as not to share that information. I don’t call it paranoia, I call it certainty.
This piece was originally published on Chuck Christian’s blog, The Irreverent CIO. Christian, who now serves in the chief technology officer role at Franciscan Health, has 30 years of experience in healthcare IT, both as a hospital CIO and as VP of Technology & Engagement with the Indiana Health Information Exchange.