Health data in US electronic health record (EHR) systems is controlled not by patients but by data holders: insurers, data clearinghouses, hospitals, physicians, and technology vendors. We learn that our data will be disclosed to hidden third parties from Notices of Privacy Practices.
Although it might seem like hyperbole, technology-enabled industry and government surveillance of citizens’ EHRs is far more damaging than the National Security Agency’s surveillance of phone calls. Patients won’t share complete, accurate information until they control its use.
In 2006, the National Committee on Vital and Health Statistics proposed a definition of health privacy as the “individual’s right to control the acquisition, uses, or disclosures of his/her identifiable health data” ( www.ncvhs.hhs.gov/060622lt.htm). But most people don’t know that the Health Insurance Portability and Accountability Act (HIPAA) eliminated this right four years earlier, in 2002 ( http://tinyurl.com/lkr4qhh). Nevertheless, a significant minority—35 to 40 percent—don’t trust technology, knowing that their health data isn’t private ( http://tinyurl.com/mybeg22).
Technology radically alters the patient-physician relationship by preventing patients from controlling the use of their health data and physicians from honoring patients’ rights of consent. Hippocrates recognized that patients’ trust in physicians depends on disclosing private information only with permission. This lack of trust in physicians and technology causes 40 to 50 million patients to risk their health and lives every year:
- 600,000 avoid early diagnosis and treatment for cancer.
- 2 million avoid early diagnosis and treatment for depression.
- millions avoid early diagnosis and treatment for sexually transmitted diseases and
- 37.5 million hide information, avoid seeing their regular doctor, ask doctors to alter diagnoses, and pay for tests out-of-pocket, if they aren’t avoiding tests all together (www.chcf.org/publications/2005/11/national-consumer-health-privacy-survey-2005).
Clearly, we must reengineer health IT systems to reap the benefits of technology, prevent bad health outcomes, and prevent discrimination based on health information.
Current technology literally locks patients out of their sensitive personal health data. We can’t download, collect, correct, or disclose it to physicians, caretakers, or researchers; obtain second opinions or independent advice; or audit downstream users. Most of us can’t even securely email our doctors.
Fixing technology is easy ( http://patientprivacyrights.org/trust-framework), but killing the huge health data surveillance industry it spawned is hard. If we don’t restore control over health data, will we ever gain control over other personal information?
Deborah C. Peel is the founder and chair of Patient Privacy Rights. Her interests include advocacy for privacy rights and privacy-protective technology solutions, and fixing privacy gaps in the law. Peel received an MD from the University of Texas Medical Branch at Galveston, Texas. Contact her at firstname.lastname@example.org.
Point/Counterpoint: Privacy and Security as Enabler, Not Barrier, to Responsible Health Data Uses
“Privacy and Security as Enabler, Not Barrier, to Responsible Health Data Uses,” by Deven McGraw, states that trust in health technology will be enabled not by focusing disproportionately on patient consent but through robust policies that address all of the fair information practice principles.
The deficiencies of the US healthcare system—high costs, poor quality, frustrating inefficiencies—exact a heavy toll on patients. Learning more from health information, including data in electronic health records (EHRs) populated by healthcare providers and by patients, is key to improving both individual and population health.
But patient data in EHRs is quite sensitive. Survey data consistently shows that patients enthusiastically support adoption of EHRs but are also concerned about the privacy of their digital health information. Nearly one in eight patients has withheld information from a healthcare provider due to privacy concerns ( www.ncbi.nlm.nih.gov/pubmed/23975624). Failure to address these concerns could have real consequences for people’s health.
Patients suffer both when privacy is breached and when opportunities to learn from health data are wasted. Consequently, privacy policies need to both protect data and enable its appropriate use. Unfortunately, giving patients more control over their health information—typically through absolute requirements for consent prior to data access or sharing—is usually where debates about health privacy begin (and, too frequently, where they end).
Research increasingly demonstrates that consent—even when done as recommended—ends up shifting the burden for protecting privacy to individuals, and too often provides them with little meaningful control. Further, for healthcare providers, the EHR is a business record, a fact frequently overlooked in policy debates. Policies should require providers to handle information in those records responsibly and with deep respect for their sensitivity to patients. However, subjecting even routine uses and disclosures of data in an EHR to patient control ignores the business context in which records are created and maintained.
Fair information practice principles (FIPPs)—such as openness and transparency; collection, use and disclosure, and limitations; data minimization; and reasonable security safeguards—are the foundation for policies that address the rights of patients. But in the context of a healthcare system, they’re in need of repair and increasingly rely on EHRs. Consent, or individual participation, is but one of the FIPPs, and it’s neither absolute nor controlling.
Leveraging all the FIPPs enlarges the policy toolbox, opening doors for solutions that more directly hold data holders accountable for implementing policies and technical safeguards that both minimize risks to patient privacy and enable responsible data sharing to improve the healthcare system for all patients. For example, greater transparency to patients of actual data uses by providers, and meaningful engagement of patients in both the process of care and decisions about how data is used, could help build a more trusted, patient-centered system characterized by responsible, privacy-preserving data uses.
Deven McGraw is the director of the Health Privacy Project at the Center for Democracy & Technology ( www.cdt.org). Her research interests include building health “privacy by design,” building trust in de-identified data, and governance of health big data. McGraw has a JD and an LLM from the Georgetown University Law Center. Contact her at email@example.com.
Deven McGraw Responds
We agree that building trust in EHRs is critical to ensuring that all patients reap their benefits; we disagree that focusing on patient control over data is the right approach. Some studies have found that EHRs improve the relationship; others have found the evidence to be more mixed. As with most technologies, whether electronic records meet the needs of patients, providers, and society depends on a mix of user-centered design and user adaption to optimize value.
That said, we share the view that providing patients with timely access to downloadable, digitally transmittable health information is key to putting patients in the driver’s seat with respect to their health and the health of their family members. Federal policy attempts to accomplish this, but progress is agonizingly slow; under HIPAA, providers can still take up to 30 days or more to provide patients with their records. Facilitating greater access through technology is part of the solution, but the bigger lift involves changing a culture that still too often views patients as passive receivers of healthcare. Patients deserve better.
Deborah C. Peel Responds
McGraw shifted the debate from the lack of health data privacy to what’s wrong with the US healthcare system, arguing that industry should control health data, not patients. Her objections to restoring patient control are that consent burdens patients and researchers won’t get enough data if they have to ask patients for it.
Both objections are false. Patients want to be asked for consent. The majority wants technology that empowers them to decide who can use their data, but today’s EHRs prevent patient choices. Patients view the consent process as ensuring their autonomy and privacy, enabling trust in physicians. Moreover, polls show large majorities of patients distrust electronic systems, so their data is filled with errors and omissions, compromising research. Flawed data produces flawed results.