Upload
frederica-polly-mcdowell
View
213
Download
0
Tags:
Embed Size (px)
Citation preview
Division of Medical Ethics and HumanitiesDivision of Medical Ethics and Humanities
Interoperable Electronic Health Records, the American Reinvestment and Recovery Act,
and Patient Privacy and Confidentiality
Leslie FrancisDistinguished Professor of Law & Philosophy
Alfred C. Emery Professor of LawAdjunct Professor of Internal Medicine
Division of Medical Ethics and Humanities
Goals
• Outline the concerns for privacy and confidentiality associated with the likely increase in use of interoperable EHRs
• Demonstrate the inadequacy of the current HIPAA regulatory regime
• Explain several areas of current debate: de-identification, surveillance, research, and the protection of categories of “sensitive” health information
Division of Medical Ethics and Humanities
Distinguishing Privacy and Confidentiality• Privacy: about access to, control over, the person• Confidentiality: about control over information—how and
on what authority it is shared• The difference matters
– Having information in the system is important for many reasons (research, public health surveillance, treatment)
– But information may not get into the health care system unless people trust control over where it goes
– Depending on the context, we may need to protect confidentiality to protect privacy, or the converse
– Current debates confuse privacy with confidentiality
Division of Medical Ethics and Humanities
Ethically: Privacy as Control of Access• Autonomy—controlling access to the person is important to the
individual’s ability to make central choices about his/her life• Physical security—protection from bodily harm done by intrusion• Freedom from intrusion—into the body, the home, other protected
space• The ability to form intimate relationships through controlling access• Dignity—not being subject to contact, intrusion regarded as
degrading• Identity—protecting access as critical to individual or group identity• Equality—ease of access to some but not to others may affect
social positions (e.g. equality of women)
Division of Medical Ethics and Humanities
Ethically: Confidentiality as Information Control• Autonomy—control of choices about information• Physical security—harm that may result when information is
shared: throwing lepers off the Molokai cliffs or stoning patients with HIV
• Intimacy and identity—sharing information as a way of establishing intimacy
• Equality—protection from discrimination: e.g. ADA, GINA (the Genetic Information Non-discrimination Act)
Division of Medical Ethics and Humanities
Interoperable Electronic Records in Primary Care
• Recent estimates (Health Affairs 2009) are that approximately one in eight physicians in the US today have even “rudimentary” electronic records systems
• Barriers cited in the literature include start up costs, productivity losses, lack of technical expertise, questions about which system to choose
• Clinical value of increased use of health IT is hypothesized but evidence is limited (e.g., Parente & McCullough, Health Affairs 2009); one recent study has linked EHR structural capacity in primary care practices to improved HEDIS measures (Friedberg et al., Annals of Internal Medicine 2009)
Division of Medical Ethics and Humanities
ARRA• ARRA includes $17 billion for adoption and “meaningful use”
of EHRs by Medicare and Medicaid providers (up to $44,000 each; that would cover about 386,000 of the estimated 940,000 physicians in the US today)
• “Meaningful use” includes sharing information with other systems; functionalities including computerized order entry, transmissible prescriptions, drug interaction checking, updated problem list
• Ultimate goals include patient registries, quality improvement, public health promotion
Division of Medical Ethics and Humanities
Confidentiality and Patient Trust• The most widely quoted estimate is that a significant percentage of patients (1/6)
withhold information from physicians because of concerns about whether it will be protected (California HealthCare Foundation, National Consumer Health Privacy Survey 2005).
• Almost 10% of patients chose not to “opt in” to Massachusetts interoperable EHR demonstration project, many citing privacy concerns (Tripathi et al., Health Affairs 2009)
• Harris poll re research using identifiable health information: 28% no consent or general consent in advance; 38% study-specific consent, 13% refuse to participate or be contacted, remainder unsure (2007, referenced in IOM 2009)
• This behavior may increase as the use of interoperable EHRs increases (CDT 2009)• Patient trust is particularly jeopardized by unanticipated events, so it will be
especially important to inform patients about interoperable records and confidentiality protection
Division of Medical Ethics and Humanities
HIPAA Coverage—A Solution?• Mis-described as a “privacy” rule—a confidentiality rule• Applies to “covered entities”: health plans, health care
clearinghouses, and health care providers who transmit health information in electronic form for which HHS has adopted standards—and their “business associates”
• Covers “protected health information”: any individually identifiable health information possessed by covered entities
• Does not cover: employment records, educational records, or de-identified data, even if health information is included in these records and they are otherwise possessed by a covered entity
• And . . . There’s much more HIPAA doesn’t do
Division of Medical Ethics and Humanities
HIPAA: what’s outside coverage?• Any entities that possess individually identifiable health
information, but are not covered entities or their business associates: spas, for example
• Many PHR vendors: WebMD, Microsoft Healthvault, GoogleHealth, except if under business associate agreements
• Health 2.0: PatientsLikeMe, 23andMe• Any data transferred with patient authorization out to an
unprotected site
Division of Medical Ethics and Humanities
HIPAA Exceptions to Authorization• Health care operations—including business planning, insurance underwriting, quality
assurance, and fraud and abuse detection• Law enforcement—including child abuse, abuse of a vulnerable adult, information
about victims, and information that might implicate family members (e.g. DNA from Pap smear)
• Public health—infectious disease surveillance, bioterrorism, any reportable condition• Employers—information needed to comply with an OSHA request, a Mine Safety and
Health Administration request, or other required workplace-related law• FDA—adverse drug events, post-marketing surveillance information• Research—if IRB has granted a waiver, or information is included in a “limited data
set”• “Serious threat”—to prevent or lessen a serious and imminent threat to a person or
the public, when such disclosure is made to someone believed able to prevent or lessen the threat (including the target of the threat)
Division of Medical Ethics and Humanities
Problems with Interoperable EHRs
• Deidentification?—and risks of reidentification• Surveillance and informed consent– Syndromic– Registries
• Limits to research?• Transfer of sensitive health information?
Division of Medical Ethics and Humanities
Deidentification• “Deidentified” data: created either by stripping out all of 19 listed types
of identifying information (“safe harbor” rule), or by meeting expert standards regarding risk of reidentification
• Vastly increases the possibilities for use of information—but data are not covered by HIPAA once deidentified
• Concerns– Risk of re-identification when data sets are combined, especially with
publicly available data sets: statistically unusual patterns, genetic information and growth of personalized medicine, PHRs, health blogs, Health 2.0
– Data “miners” (marketers, for example) may try to reidentify deidentified data in the public domain
– Harms from data uses even when identifiers are absent: important personal beliefs, community identity, group stigmatization; the 13% who would refuse to allow their data to be used in research
Division of Medical Ethics and Humanities
Surveillance• “Syndromic surveillance”—data are monitored for unusual patterns that
may represent disease activity or terrorist activity• Novel types of data used—google hits predicting flu outbreak• Significance of a particular data point becomes apparent only after the
pattern is discerned, so there is no way to engage in patient informed consent ex ante; compare traditional public health reporting, where the significance of a finding can be explained in advance (Source: Francis et al., Journal of Bioethical Inquiry 2009)
• Risks of stigmatization, job loss, even physical threat, e.g. to an index patient or to someone who has been identified as a danger
Division of Medical Ethics and Humanities
Disease Reporting: New York’s Ha1C Registry• Reporting of all Ha1C results by lab to registry (no opt out)• Results reported only to patients, providers (not insurance
companies or employers)• Patients may opt out of reporting (but not registry)• Preliminary results: 17% of patients say receiving the
letters prompted them to make appointments; 50% remembered receiving the letter
• Justice concerns: pilot in South Bronx neighborhoods, stigmatization and racialization
• (Source, Chamany et al., Milbank Quarterly 2009)
Division of Medical Ethics and Humanities
Research• Concern that the HIPAA “privacy” rule is impeding health
research—both too protective and too weak• HIPAA and disclosure of PHI for research:
– By patient authorization: requires “a description of each purpose of the requested use or disclosure”; authorization that is “specific and meaningful”—very difficult to apply to stored specimens, biobanks, patient registries, where new research questions are proposed
– By waiver of authorization—if no more than minimal risk, adequate safeguards, research not “practicable” without the waiver or without access to the PHI
– No clear standards for minimal risk to confidentiality or for impracticability
Division of Medical Ethics and Humanities
IOM Recommendations (2009)• New, uniform privacy, confidentiality & security standards for
all health research• With these standards, exempt research from HIPAA• Distinction between information-only research and direct,
interventional research• With informational research, certify institutions with
protective policies and practices to facilitate use of large data sets for research without individual consent
Division of Medical Ethics and Humanities
Sensitive Information• Some patients regard particular categories of health information as
especially sensitive, and would not want it shared with all providers as information is transferred across a RHIO or an NHIN
• Examples: genetic information, social history, reproductive history (e.g. abortion), substance abuse, mental health history
• Providers are concerned that incomplete records may lead to inadequate clinical care and do not want to make medical judgments without seeing the full interoperable record (but what do they see now, with siloed records?)
• Privacy/confidentiality advocates are concerned that if interoperable design fails to implement protections, patients will opt out of RHIO/NHIN (if given that choice), or will protect confidentiality by not accessing the health care system
Division of Medical Ethics and Humanities
NCVHS Proposal
• EHR design should build in the capacity to segregate pre-designated categories of sensitive health information, which could be masked on transfer at patient request
• Flag to indicate that masking has occurred• “Break the glass” feature for emergencies• Drug interaction alerts maintained
Division of Medical Ethics and Humanities
MAeHC—Opt in/out; preset categories
• “Opt-in” not “opt-out”• Preset categories of information: medication list, problem
list, diagnoses, immunization, allergies, smoking status, vital signs, procedures, lab results, radiology results
• Not: text notes, consult letters, scanned reports• An approximately 90% opt in rate among patients—but
10% of patients chose not to participate, many citing privacy concerns
• (Source: Tripathi et al., Health Affairs 2009)
Division of Medical Ethics and Humanities
Conclusions• The use of interoperable electronic health
records in primary care will continue to grow• Patient confidentiality concerns are significant
and inadequately protected with HIPAA• If patients are to trust providers’ use of EHRs,
it will be important to avoid “surprises” about their health information
Division of Medical Ethics and Humanities
• Areas of particular concern– Entities outside of HIPAA and data transfers to
them (even at patient request)– Deidentification and “data mining”– Syndromic surveillance and disease reporting– Research: biobanking and personalized medicine– Protection of categories of sensitive information,
even as records are transmitted among providers