- Email: [email protected]
Safeguarding patient records
PUBLIC POLICY, NUTRITION PRACTICE, AND THE EVOLVING’HEALTH CARE MARKET
POLICY ALISON
Nutririon Vol. 12, No. 10, 1996
EDITOR:
B. KING, PHD
From Procter & Gamble Pharmaceuticals,
Norwich, New York, USA
Safeguarding Patient Records ALISON
B. KING, PHD
From Procter & Gamble Pharmaceuticals,
A universal, electronic medical record may be the pivotal underpinning to a seamless system of health service delivery. In a seamless system, providers would integrate patient care across delivery sites. A current longitudinal medical record would travel with the patient from inpatient to outpatient or to long-term care site. For example, an ophthalmologist seeing an 80-y-old diabetic for the first time would know the severity and duration of the patient’s diabetes, previous eye problems, and any medications the patient is taking. Ready access to upto-date, comprehensive patient information would enable providers to provide better-quality care and to coordinate care with other providers and services. This should yield more efficient allocation of health care resources. The electronic medical record holds tremendous promise. It also poses considerable challenges in the domain of personal privacy, as voiced by recent federal legislation: “New technologies increase the importance of addressing new threats to the confidentiality of health information. For example, technologies that permit an individual’s health information to be computerized increase the possibility of unauthorized electronic access to the information. Technologies that provide genetic information provide information not just about an individual’s current health but also about the individual’s potential future health and the health of the individual’s relatives.” i The daunting task ahead is to facilitate access to information while pro-
Nutrition 12:726-727, 1996 OElsevier Science Inc. 1996 Printed in the USA. All rights reserved.
Norwich. New York. USA
tecting an individual’s right to conhdential medical records. To illustrate this double-edged sword, I will borrow an example from public health. One of the U.S. goals for national health promotion and disease prevention in the year 2000 is that at least 90% of children receive a basic immunization series by age two.’ I have selected this example because the goal itself is noncontroversial. Immunizing kids on time is the right thing to do. In addressing this seemingly simple goal, many local health departments have trouble at the outset because they cannot collect accurate baseline data. At the most basic level, a county may have trouble compiling a list of resident infants and children. Once the county identifies children, it must attempt to track which immunizations children receive at public health clinics, physicians’ offices, or hospital outpatient clinics. In addition, children who move or live near adjacent counties may receive some immunizations outside county lines. The same child may receive immunizations at multiple delivery sites-sometimes duplicate vaccines. A National Immunization Registty would enable providers to quickly assess an individual child’s immunization history and needs. The public health department would also be able to track specific children and immunization rates with considerably greateraccuracy, and a callback system of parent reminders could be generated electronically. (But keep in mind, a universal immunization record would bolster, rather than supplant, parental responsibility to keep accurate im-
ELSEWER
munization records and take their kids in for shots.) The down side to an electronic immunization record is that it could provide access to much more than immunization data. The record would, of necessity, include patient identifiers. Those identifiers could be linked with other medical records to obtain both pertinent medical information (e.g., medical conditions that might contraindicate a particular immunization) and unrelated information (e.g., HIV status, insurer, family medical history). The U.S. Congress is working to establish national standards that protect patients from unwanted uses of their personal medical data yet preserve legitimate clinical and research uses. One proposal (8 1360)3 would require “trustees” of confidential health information to obtain separate signed patient authorizations before disclosing protected data for purposes of treatment, payment, and other uses. This requirement could impose unforeseen and unwieldy administrative burdens. For example, an employer might need to obtain an employee’s authorization before using medical records to determine timing of a disability leave. In the case of immunizations, separate signed consents would be needed for sharing immunization data among providers (treatment use) and reporting immunization rates to the state (research and public health use). New data uses might require finding children and their proxies for more signatures. At both ends of the spectrum, patient authorization forms could be written so broadly as to become a perfunctory component of a medical visit with little utility, or forms
0899-9007/96/$15.00 PII: SO899-9007(96)00219-5
THE EVOLVING
HEALTH CARE MARKET
might be so specific that they deter patients from sharing information. This single legislative proposal raises a host of unresolved issues. Would consent requirements apply to data obtained before enactment of the law? How about epidemiologic data? Consider the prospect of getting patient permission before conducting a secondary analysis of data from the 1977 National Medical Expenditure Survey of 14,000 households. Obtaining permission might consume more resources than the research itself. With the cost of health research rising and a
. . . SAFEGUARDING
PATIENT RECORDS
shrinking pool of federal research funds, we should avoid new administrative costs except where value is demonstrable. For example, there is little, if any, value in superimposing new authorization requirements on current informed consent requirements for clinical trials. Congress is ill advised to impose broad-reaching federal administrative requirements on health information transactions. Instead, we should carefully define where protection of confidentiality is needed. Then we should design preemptive federal legislation that inserts
727
controls at appropriate points in the information chain to ensure protection of patient rights. REFERENCES 1. McDermott JA. Medical privacy in the age
of new technologies act of 19% (H.R. 3482), introduced May 16, 1996 2. Heakhv Peoule 2000. Denartment of Health- and Human Services: (PHS) 9150212, 1990 3. Bennett R. Medical records confidentiality act (S. 1360)) April 12, 1996 discussion draft
POLICY ALISON
Nutririon Vol. 12, No. 10, 1996
EDITOR:
B. KING, PHD
From Procter & Gamble Pharmaceuticals,
Norwich, New York, USA
Safeguarding Patient Records ALISON
B. KING, PHD
From Procter & Gamble Pharmaceuticals,
A universal, electronic medical record may be the pivotal underpinning to a seamless system of health service delivery. In a seamless system, providers would integrate patient care across delivery sites. A current longitudinal medical record would travel with the patient from inpatient to outpatient or to long-term care site. For example, an ophthalmologist seeing an 80-y-old diabetic for the first time would know the severity and duration of the patient’s diabetes, previous eye problems, and any medications the patient is taking. Ready access to upto-date, comprehensive patient information would enable providers to provide better-quality care and to coordinate care with other providers and services. This should yield more efficient allocation of health care resources. The electronic medical record holds tremendous promise. It also poses considerable challenges in the domain of personal privacy, as voiced by recent federal legislation: “New technologies increase the importance of addressing new threats to the confidentiality of health information. For example, technologies that permit an individual’s health information to be computerized increase the possibility of unauthorized electronic access to the information. Technologies that provide genetic information provide information not just about an individual’s current health but also about the individual’s potential future health and the health of the individual’s relatives.” i The daunting task ahead is to facilitate access to information while pro-
Nutrition 12:726-727, 1996 OElsevier Science Inc. 1996 Printed in the USA. All rights reserved.
Norwich. New York. USA
tecting an individual’s right to conhdential medical records. To illustrate this double-edged sword, I will borrow an example from public health. One of the U.S. goals for national health promotion and disease prevention in the year 2000 is that at least 90% of children receive a basic immunization series by age two.’ I have selected this example because the goal itself is noncontroversial. Immunizing kids on time is the right thing to do. In addressing this seemingly simple goal, many local health departments have trouble at the outset because they cannot collect accurate baseline data. At the most basic level, a county may have trouble compiling a list of resident infants and children. Once the county identifies children, it must attempt to track which immunizations children receive at public health clinics, physicians’ offices, or hospital outpatient clinics. In addition, children who move or live near adjacent counties may receive some immunizations outside county lines. The same child may receive immunizations at multiple delivery sites-sometimes duplicate vaccines. A National Immunization Registty would enable providers to quickly assess an individual child’s immunization history and needs. The public health department would also be able to track specific children and immunization rates with considerably greateraccuracy, and a callback system of parent reminders could be generated electronically. (But keep in mind, a universal immunization record would bolster, rather than supplant, parental responsibility to keep accurate im-
ELSEWER
munization records and take their kids in for shots.) The down side to an electronic immunization record is that it could provide access to much more than immunization data. The record would, of necessity, include patient identifiers. Those identifiers could be linked with other medical records to obtain both pertinent medical information (e.g., medical conditions that might contraindicate a particular immunization) and unrelated information (e.g., HIV status, insurer, family medical history). The U.S. Congress is working to establish national standards that protect patients from unwanted uses of their personal medical data yet preserve legitimate clinical and research uses. One proposal (8 1360)3 would require “trustees” of confidential health information to obtain separate signed patient authorizations before disclosing protected data for purposes of treatment, payment, and other uses. This requirement could impose unforeseen and unwieldy administrative burdens. For example, an employer might need to obtain an employee’s authorization before using medical records to determine timing of a disability leave. In the case of immunizations, separate signed consents would be needed for sharing immunization data among providers (treatment use) and reporting immunization rates to the state (research and public health use). New data uses might require finding children and their proxies for more signatures. At both ends of the spectrum, patient authorization forms could be written so broadly as to become a perfunctory component of a medical visit with little utility, or forms
0899-9007/96/$15.00 PII: SO899-9007(96)00219-5
THE EVOLVING
HEALTH CARE MARKET
might be so specific that they deter patients from sharing information. This single legislative proposal raises a host of unresolved issues. Would consent requirements apply to data obtained before enactment of the law? How about epidemiologic data? Consider the prospect of getting patient permission before conducting a secondary analysis of data from the 1977 National Medical Expenditure Survey of 14,000 households. Obtaining permission might consume more resources than the research itself. With the cost of health research rising and a
. . . SAFEGUARDING
PATIENT RECORDS
shrinking pool of federal research funds, we should avoid new administrative costs except where value is demonstrable. For example, there is little, if any, value in superimposing new authorization requirements on current informed consent requirements for clinical trials. Congress is ill advised to impose broad-reaching federal administrative requirements on health information transactions. Instead, we should carefully define where protection of confidentiality is needed. Then we should design preemptive federal legislation that inserts
727
controls at appropriate points in the information chain to ensure protection of patient rights. REFERENCES 1. McDermott JA. Medical privacy in the age
of new technologies act of 19% (H.R. 3482), introduced May 16, 1996 2. Heakhv Peoule 2000. Denartment of Health- and Human Services: (PHS) 9150212, 1990 3. Bennett R. Medical records confidentiality act (S. 1360)) April 12, 1996 discussion draft