Coalition Pushes for Privacy in Electronic Health Records

Coalition Pushes for Privacy in Electronic Health Records
========================================================================

A broad coalition of 26 organizations, led by Patient Privacy Rights,
has issued a letter urging that privacy be included as a core part of
any health information technology (HIT) system. Patient Privacy Rights
was joined by the American Conservative Union, the American Civil
Liberties Union, the Free Congress Foundation, the Christian Coalition
of America, and the Electronic Privacy Information Center in the letter.

Proponents of electronic access to health records argue that a HIT
system can ease medical treatment. For instance, patients who need
treatment when far from home will benefit if doctors can access their
medical records. However, the organizations said that patients should
have the ability to grant or deny access to that information in ordinary
circumstances. "The proper balance to ensure timely access to medical
records for treatment and preserve patient control of medical records
means allowing access in emergencies if consent cannot be obtained, but
requiring patient permission before records are disclosed in everyday
situations," the groups wrote.

The organizations also stressed the need for strong security measures
for any HIT system. In light of the many security breaches reported by
commercial and financial institutions, security standards for a HIT
system must be stronger than those currently used by the financial
services industry.

The flexibility of an electronic system of health records should also
allow patients to control the levels of access for different groups. For
instance, while treating physicians may need access to personal
information like names, addresses, and phone numbers, medical
researchers conducting statistical studies would not need such
information.

Congress is currently considering several health information technology
bills, each named the "Wired for Health Care Quality Act." Last
November, the Senate passed S. 1418, which is awaiting action in the
House. There are also two House companion bills, H.R. 4642 and H.R.
4726.

Patient Privacy Coalition Letter:


http://www.patientprivacyrights.org/site/PageServer?pagename=CoalitionSignOnLtr

EPIC's Medical Privacy Page

http://www.epic.org/privacy/medical/

Patient Privacy Rights

http://www.patientprivacyrights.org/

S. 1418:

http://thomas.loc.gov/cgi-bin/bdquery/z?d109:s.01418:

H.R. 4642:

http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.04642:

H.R. 4726:

http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.04726:

Press Release - Connecting for Health Common Framework

Press Releases

Health and Technology Leaders Release the Connecting for Health Common Framework for Initiating Private and Secure Health Information Sharing

Common Framework provides an essential set of technical and policy components for private and secure health information sharing among existing and developing health information networks

Washington, DC; April 6, 2006 – Connecting for Health, a public-private collaborative of more than 100 organizations, today released its Common Framework: Resources for Implementing Private and Secure Health Information Exchange. The Common Framework provides the initial elements of a comprehensive approach for secure, authorized, and private health information sharing, so that patients and their authorized providers can have access to vital clinical data when and where they are needed. This capability is essential for providing high-quality care and reducing medical errors.

The Common Framework includes 16 technical and policy components, which were developed by experts in information technology, health privacy law, and policy. This initial set of critical technical and policy components demonstrates how various health information networks can share information while protecting privacy and allowing for local autonomy and innovation. The components being released today include technical documents and specifications, testing interfaces, and code, as well as a companion set of privacy and security policies and model contractual language to help organizations interested in information exchange move quickly towards the necessary legal agreements for private and secure health information sharing. The components were tested since mid-2005 by Connecting for Health teams in Indianapolis, Boston, and Mendocino County, Calif., the three communities in which the prototype was developed. All of the Connecting for Health Common Framework materials are available for download at no cost at www.connectingforhealth.org.

"We have long believed that personal privacy and security, values that are prized by the American people, must inform the design and functionality of new health information-sharing networks," said Zoë Baird, president of the Markle Foundation, which leads and manages Connecting for Health. "We put the patient at the center of this effort, and the Common Framework demonstrates that we can achieve state-of-the-art access to life-saving health information without sacrificing privacy and security."

Work on what has become the Common Framework was initiated in 2003, when the Connecting for Health collaborative began to create a Roadmap (PDF, 8.0 MB) that called for the public and private sectors to work together to build an infrastructure that would allow for the rapid, accurate, and secure exchange of health information, essential for improving health care quality and safety. The collaborative recognized that protecting the privacy of personal information needed to be foundational to the design of any system for sharing health information, if it was to earn the public's trust. Connecting for Health understood that achieving that goal would require everyone committed to information sharing to make specific decisions about the technology approaches and policies that would ensure privacy protections.

"We believe it was critical that these technology and policy resources be designed in tandem. Together, they protect patient privacy while enabling the authorized exchange of medical records," said Carol Diamond, MD, MPH, managing director of the Markle Foundation and chair of Connecting for Health. "Our approach to a technical architecture for health information exchange started with a set of policy principles for keeping information private and secure. With that goal and those principles in mind, we tested the technical architecture and developed a set of specific policies that are critical to implementation of the Common Framework."

To protect privacy, the Connecting for Health Common Framework architecture recommends use of a record locator service (RLS), an index that identifies where specific patient records are kept, but not what information the records contain. This approach allows records to be stored locally by doctors and hospitals and only shared electronically with other providers when appropriate and authorized by the patient. The Common Framework also relies on common, open web standards, making this approach both affordable and achievable.

"We demonstrated the exchange of clinical information, by using a critical set of common, open technical standards," said Clay Shirky, who directs the technical work for Connecting for Health and teaches at New York University. "The Common Framework avoids large-scale disruption and huge upfront capital investments by allowing the use of existing hardware and software. It is compatible with current methods of institutional and provider record keeping, while enabling existing systems to exchange information."

"The Common Framework identifies a number of policies which should be commonly adopted to assure that personal health information is managed securely and remains protected," said Mark Frisse, MD, director of regional informatics programs through the Vanderbilt Center for Better Health and co-chair of Connecting for Health's Policy Subcommittee. "These include an overall privacy 'architecture,' policy recommendations regarding patient notification, how users are correctly identified, the audit responsibilities of health information exchanges, how patient information from multiple sources can be linked, and what to do in the event of breaches of confidentiality."

"By participating in the Connecting for Health framework, we demonstrated the tremendous potential of this approach to health information sharing for improving care and sharing life-saving information in our community," said J. Marc Overhage, MD, PhD, senior investigator, Regenstrief Institute and president and CEO, Indiana Health Information Exchange, Indianapolis, Ind. "The Common Framework focuses on how to share information securely, without specifying the features and functions of the medical record systems that it connects. This gives maximum flexibility to local organizations and private companies to shape their own systems and be innovative in creating new products, while connecting to health information networks."

"In developing the policy guidelines for the Common Framework, we wanted to ensure that this approach to health information sharing leaves decisions regarding the sharing of health information exactly where it should be - with patients and their health care providers," said John Halamka, MD, CEO of MA-SHARE and emergency physician, Beth Israel Deaconess Medical Center, Boston, Mass. "This approach protects patient privacy by keeping information with the doctors and institutions that patients know and trust, eliminating the need for national patient identifiers or central databases. The policy components of the Common Framework can save time and effort on the part of many organizations and networks working on health information exchange by providing them with a jump-start in their efforts to address the key policy topics related to sharing health information."

The Connecting for Health Common Framework was tested in 2005 in Boston, Indianapolis, and Mendocino, Calif. The Connecting for Health teams in each of the three communities include: MA-SHARE and its technology partner, Computer Sciences Corporation, in Boston; the Regenstrief Institute and the Indianapolis Health Information Exchange in Indianapolis; and the Mendocino Health Records Exchange and its technology partner, Browsersoft Inc., in California. Together these teams demonstrated that completely different health information networks can communicate with one another and exchange information, even if they operate on different technological platforms, use different registration systems, and organize patient data differently.

"The Common Framework is ideal for our small, rural health care providers," said Will Ross, project manager, Mendocino Health Records Exchange. "Using software based on open standards to achieve interoperability, our network connects a group of community health centers. With this approach, other health providers caring for the most vulnerable Americans or those in rural communities can afford to deliver better care to those who may need it the most."

Connecting for Health believes that the organizations that will benefit most from the Common Framework are those that are prepared and committed to creating private and secure health information exchange through a decentralized approach. To benefit fully, such organizations should be capable of using digital information from remote sources, be in compliance with HIPAA and state rules governing privacy and security of health information, and have Internet access in place and the hardware and software to establish secure communications. These entities should also have an electronic method for accurately linking or separating the records of patients who share the same or similar names within their own enterprise. For these groups, the resources in the Common Framework can reduce the many existing, financial, legal, and technical barriers to achieving private and secure health information sharing, thus encouraging new entrants into the field.

One of the key functions of the Common Framework is to enable a diverse group of existing and developing networks to have a common way to share health information. The Common Framework makes it possible for health organizations working within regions, as well as those that are not limited to one geographic region, such as a group of specialty providers in multiple regions, to have a common way to communicate with one another.

"The Common Framework enables industry to innovate approaches to information exchange to improve health care quality," said Wes Rishel, managing vice president, Gartner Research. "Because it was developed to apply to very diverse communities, it can stimulate private sector development that will greatly reduce the cost, delay, and risk for each individual community."

The broad array of stakeholders participating in Connecting for Health are confident that the Common Framework can accelerate and provide structure to the development of health information exchange, but they also recognize that this approach is still evolving and much remains to be done.

"The resources being released today bring us closer to achieving the great promise that health information technology has to improve the quality, safety, and effectiveness of health care." said John Lumpkin, MD, MPH, senior vice president of the Robert Wood Johnson Foundation and vice chair of Connecting for Health. "The Connecting for Health Common Framework provides a foundation that everyone can build on. Soon we will see doctors, hospitals, pharmacies, software companies, consumer groups, and others adding to and improving the framework. It is a very significant contribution to the development of private and secure exchange of health information nationwide to improve care for each patient."

###

About Connecting for Health
Connecting for Health is committed to accelerating the development of a health information-sharing environment by bringing together an array of private, public, and not-for-profit groups to develop common standards and values. Connecting for Health also works to overcome the technical, financial, and policy barriers to bringing health care into the information age. As one of its first steps, Connecting for Health convened a group of leading government, industry, and health care experts, who have shaped and led the national debate on electronic clinical data standards. The group forged consensus on the adoption of an initial set of standards, developed case studies on privacy and security, and helped define the electronic personal health record. For more information, visit www.connectingforhealth.org.

About the Markle Foundation
Emerging information and communication technologies possess enormous potential to improve people's lives. The Markle Foundation works to realize this potential by accelerating the use of these technologies to address critical public needs, particularly in the areas of health and national security. Markle's overarching goal in the health area is to accelerate the rate at which information technology enables consumers and the health system that supports them to improve health and health care. The Markle Foundation's goal is to ensure that the extraordinary potential of 21st-century information technology to improve the health and health care of each citizen is translated into everyday use as quickly and effectively as possible. For more information, visit www.markle.org.

About the Robert Wood Johnson Foundation
The Robert Wood Johnson Foundation focuses on the pressing health and health care issues facing our country. As the nation's largest philanthropy devoted exclusively to improving the health and health care of all Americans, the Foundation works with a diverse group of organizations and individuals to identify solutions and achieve comprehensive, meaningful, and timely change. For more than 30 years, the Foundation has brought experience, commitment, and a rigorous, balanced approach to the problems that affect the health and health care of those it serves. Helping Americans lead healthier lives and get the care they need, the Foundation expects to make a difference in our lifetime. For more information, visit www.rwjf.org.

EHRs Enter Patient-Doctor Relationships

EHRs Enter Patient-Doctor Relationships
By M.L. Baker, Ziff Davis Internet April 2, 2006
When brought into the exam room, computers act as a kind of third member in the relationship between doctor and patient, concludes a study published in Annals of Family Medicine. Whether the computer enhances or weakens the relationship depends both on how easy it is to use and how skilled physicians are in making use of it. "Physicians were often conflicted between recording data in the EHR [electronic health record] and giving patients one-on-one attention," wrote the study's authors, led by William Ventres of Multnomah County Health Department in Portland, Ore. Is optimism waning over EHRs? Read more here. The researchers observed and videotaped physicians in four primary care clinics who were all using the same EHR system. Relatively simple fixes could help doctors move from being data gatherers to caretakers. For example, most physicians walked straight to the computer monitor with only a cursory greeting to the patient. Others, however, listened to a patient's concern, and then tacitly asked permission to use the computer to review previous notes. According to the study, the EHR seemed to affect the quality of the notes physicians took during encounters; compared to dictated notes, notes recorded in EHRs seem to include less detail about patients' concerns and situations, information that doctors need to persuade patients to adhere to recommended medical regimes. In a separate study published last year, Richard Frankel of Indiana University and colleagues found that doctors who were already skilled communicators could use EHRs to enhance discussions with patients, but that EHRs kept less-skilled communicators from paying attention to their patients. Read more here about the relationship between doctors' communication skills and the use of EHRs. Some problems that occurred had more to do with the computers than with the physicians. Screen templates used to collect information worked well for simple, straightforward problems, but did not capture patients' emotional issues or help manage patients with multiple, interacting conditions. Although physicians did not always think to use screens this way, mobile screens can allow physicians and patients to look at data together. Giving physicians access to the EHR while on call, in the office, or at the hospital was also productive. Because information could be entered during any "encounter," researchers wrote, "the EHR gave physicians and patients the sense of seamless communication." Frankel praised the current study. He said the study, which classified four "domains" of how doctors use and perceive EHRs, could give engineers a framework for designing better systems. Frankel also said Ventres' study showed how doctors need to change their own frameworks for using EHRs. For example, trainee physicians interviewed by Ventres' team balked at learning patient communication and use of EHR simultaneously. Frankel said the young doctors were making an "artificial distinction." "These resident physicians aren't thinking of the EHR as a communication tool, as much as typing up information," he said, adding that physicians will need specific training to change that mindset. "The medical record for so many years has been the private domain of the physician, and the notion of using it as a shared document is relatively new." The Annals of Family Medicine study is available here as a PDF. The researchers also wrote tips for physicians using EHRs that include showing patients information on screen and recording their concerns and situations.

David Brailer is a doctor by trade

Aggressive schedule over next 8 months to get technology into the hands of doctors, patients

David Brailer is a doctor by trade, but as the national coordinator for health IT, he is proving to be more of an engineer.

For the last two years, Brailer has set in motion health IT efforts that individually and in tandem will let physicians, hospitals, insurers and pharmacists exchange patient data to transform the quality of medical care.

Like the gears of a complex machine, he said, the health IT efforts are beginning to mesh and are building a national momentum that promises to change the way physicians go about the business of providing health care and change the way Americans receive it.

“These are all different gears that have to turn together to get the wheel to turn. What’s happening is that they’re all turning and they’re turning slightly out of speed with each other, but they’re all starting to get cranked up,” Brailer said.

The initial efforts that the Health and Human Services Department is cranking up this year will give physicians and consumers their first dose of what is to come. One example would be retiring the medical clipboard holding those paper forms that patients fill out over and over, often with the same information, at their physician’s office. Some consumers will be able to use an electronic registration summary containing information such as name, address and basic medication history, that they can direct their physicians to use.

As each critical cog of the health IT machine turns another notch this year, the success of each near-term result will help propel the realization of long-term health IT goals. Those include adoption of interoperable electronic health records by physicians and hospitals, easy-to-use personal health records that consumers own, remote monitoring systems for patients with chronic conditions, and electronic tools for real-time nationwide public health event monitoring and rapid response to crises.

HHS has seeded or promoted—or greased the wheels of—eight major initiatives that depend on physicians, hospitals, insurers, IT companies and government working together.

Over the long term, Brailer anticipates that the adoption of electronic health records and transformation of business processes in physicians’ offices and hospitals will improve the quality of health care, reduce medical errors and cut costs.

“We’re doing things that precipitate specific examples of change that can be real evidence of what’s to come,” Brailer said.

Grabbing the low-hanging fruit first to show early successes is an example of how the federal government is taking the right initial steps to push health IT adoption, said Robert Cothren, chief scientist for Northrop Grumman Corp., one of the contractors for a nationwide health information network architecture.

“It’s one thing to talk about these things. But if you can touch it and feel it, then you start to believe the stories,” he said.

Besides mothballing the medical clipboard, the public-private American Health Information Community, which HHS secretary Mike Leavitt leads, has made these early health IT uses its goal to become reality in 2007:

• Give authorized providers access to patients’ current and historical laboratory results
• Transmit emergency room and physician office chief complaint data, such as fever or headache, in a standardized and anonymized format to public health agencies within 24 hours
• Exchange secure messaging between physicians and patients so patients can begin to manage the care of their chronic conditions.

Initial standards are the foundation on which these early health IT versions depend. From May through August, AHIC will recommend what government and industry need to do to realize the short-term breakthroughs.

“We want to peel off the low-hanging fruit in May if we can to get started. We’re facing real deadlines for getting some breakthroughs out,” Brailer said.

Major milestones

The Health IT Standards Panel plans to release in late August the first set of standards, which will support the portability of laboratory results as part of an electronic health record system. AHIC selected lab results for the panel to work on because widely accepted standards already exist, making them easy to agree on and simplifying the task of advancing a limited electronic health record capability.

“There’s not this fractious debate that’s been in other data areas,” Brailer said. Another key piece of the puzzle comes in June when the Certification Commission for Health IT will announce its first batch of vendors whose electronic health records systems meet its criteria for exchanging data. Certification will give physicians the assurance that the technology they invest in will perform as advertised.

These standards also will play an important role in the development of prototypes for a nationwide health information architecture. Four contractors are designing the draft architectures, scheduled to be completed by September, and HHS will put these architectures through several levels of review to, in part, make sure the information locator services, patient authentication, security protections and specialized network functions can work together. HHS also will test the feasibility of large-scale deployment.

By the end of the year, the four groups will each produce a prototype that reflects their individual approach. The prototype must be able to function but not necessarily be implemented and operational, said John Loonsk, director of the Office of Interoperability and Standards in the national coordinator’s office.

“It is our expectation at the end of the year, after we’ve gone through a harmonization pro- cess, that we will have identified those standards that will enable the prototypes to be able to exchange data,” he said.

Playing it safe

Brailer’s office also will start work on the biggest challenges: security and privacy. The Health Information Security and Privacy Collaboration will announce state subcontracts later this month in coordination with the National Governors’ Association. The Health Insurance Portability and Accountability Act provides a baseline for health information privacy and security among states. But some states have established more stringent privacy laws, which could pose challenges for interoperability of electronic health record systems. HHS hopes that a partnership between states and federal leaders will evolve to develop models for privacy, and the subcontracts are the chief enabler of that, Brailer said.

One other key piece in the health IT puzzle is an exception to the Stark Law, governing physician self-referral of Med- icare and Medcaid patients, and anti-kickback laws to encourage investment in health IT. The exception, which HHS proposed last year, is about to be finalized, although Brailer said that, by law, he could not indicate when. Under the exemptions, hospitals could provide hardware, software and training to physicians who refer patients to them, which is currently illegal.

“It’s a front-burner issue. The next public step we do is the final rule,” he said.

Equipment question

The anti-fraud laws currently are broad and limit the value of what a provider can give to physicians if they refer patients to the provider, said Peter Kazon, senior counsel at Alston and Baird LLP in Washington, and a former Federal Trade Commission attorney specializing in health care. A large hospital, lab or pharmacy benefits provider likely would want to integrate all physicians with whom they do business into their network.

“Is it necessary for a provider to be giving equipment? That’s a $100,000 question,” Kazon said.

The federal government has a large stake in health IT, since it pays for almost 50 percent of health care costs through Medicare, Medicaid, federal employee health plans and military and veteran health benefits.

Just by getting the government involved, there’s been an increase in interest in health IT, Northrop’s Cothren said.

“In some respect, this has already been a wildly successful program, even though we’re still in the early stages, because all that discussion is new and [government] is very active in moving forward,” he said.

HHS is trying to coordinate activities of all the major stakeholders across an entire industry around adoption of health information exchange and electronic medical records, said Greg DeBor, partner for global health solutions at Computer Sciences Corp., also an NHIN contractor.

“They need to keep in mind all those different groups’ perspectives, to some extent attenuate them, so they can herd the cats that they need to make adoption happen in an accelerated time frame,” DeBor said.

Their progress has been good, and what they have done well is set up transparent and process-driven groups, such as the contract collaborations and AHIC.

Heavy lifting

That coordination effort is getting everyone on the same page and will spur agreement on terminology and standards.

“I can see the heavy lifting that wasn’t being done in large scale across the industry,” DeBor said.

The government is helping to jump-start the health IT market as it has done historically with other industries by putting up seed money to develop new technologies, he said—as it did with the Internet, which grew out of Defense Advanced Research Projects Agency.

HHS’ health IT efforts are a process of moving and coordinating parts.

“I wouldn’t call it quite a clean-turning circle, but we did not want to set these up as separate, disparate pieces. All the pieces flow together with significant interdependencies,” Brailer said.

Ultimately, the adoption of interoperability standards and common terminologies will let scientists mine huge amounts of medical data to identify trends and best practices, said Dave Webster, certified executive IT architect at IBM Corp.’s Business Consulting Services.

“I am convinced that the next big medical breakthrough will occur once we make the use of standard, clinically-relevant codification schemes the rule rather than the exception,” he said.

Technology grants

National Funding Programs

Community Connect Grant Program
Grants to provide broadband transmission service to extremely rural, lower-income communities.
Geographic Coverage: Nationwide
Application Deadline: May 15, 2006
Sponsor: USDA Rural Utilities Service

Internet Project
Provides toll free dial-up Internet access and e-mail to rural law enforcement agencies nationwide.
Geographic Coverage: Nationwide
Application Deadline: Applications accepted on an ongoing basis
Sponsor: Bureau of Justice Assistance

Microsoft Unlimited Potential (UP)
A global initiative that focuses on improving lifelong learning for disadvantaged young people and adults by providing technology skills through community technology and learning centers (CTLCs).
Geographic Coverage: Nationwide
Application Deadline: Applications accepted on an ongoing basis
Sponsor: Microsoft Community Affairs

Public Housing Neighborhood Networks
Provides grants to updte and expand existing Network Neighborhood/community technology centers and establish new NN centers.
Geographic Coverage: Nationwide
Application Deadline: Jun 23, 2006
Sponsor: U.S. Department of Housing and Urban Development

Resident Opportunity and Self-Sufficiency (ROSS) - Family and Homeownership Program
Funding for the delivery and coordination of supportive services and other activities designed to help public and Indian housing residents attain economic and housing self-sufficiency.
Geographic Coverage: Nationwide
Application Deadline: Aug 8, 2006
Sponsor: U.S. Department of Housing and Urban Development

RGK Foundation Grants
Grants that support projects in the broad areas of education, community, and medicine/health.
Geographic Coverage: Nationwide
Application Deadline: Applications accepted on an ongoing basis
Sponsor: RGK Foundation

Rural Broadband Access Loans and Loan Guarantees Program
Loans and loan guarantees for the construction, improvement, and acquisition of facilities and equipment for broadband service in eligible rural communities.
Geographic Coverage: Nationwide
Application Deadline: Applications accepted on an ongoing basis
Sponsor: USDA Rural Development

Rural Business Opportunity Grant
Grants to improve the economic conditions of rural areas including technical assistance for business development and economic development planning.
Geographic Coverage: Nationwide
Application Deadline: May 26, 2006
Sponsor: USDA Rural Development

Rural Health Care Service Discounts
Provides discounts to rural health care providers to obtain Internet and telecommunications access.
Geographic Coverage: Nationwide
Application Deadline: Applications accepted on an ongoing basis
Sponsor: Universal Service Administrative Company

Suggested Links

Here are a few links that were mentioned during the technical subcommittee meeting today.

http://www.hhs.gov/healthit/ahic.html

Office of the National Coordinator for Health Information Technology (ONC) American Health Information Community (the Community)

http://www.cchit.org/

CCHIT The mission of CCHIT is to accelerate the adoption of robust, interoperable HIT throughout the US healthcare system, by creating an efficient, credible, sustainable mechanism for the certification of HIT products

http://toolkit.ehealthinitiative.org/

The Getting Started module of the Connecting Communities Toolkit lays out common principles and early activities for formulating a health information exchange (HIE) initiative.