I have seen the following comment, or similar – from someone identified as Louisa – in a couple of comments on various articles relating to e-Health recently .
Louisa writes:
"I think it's very important with any e-health system that it be completely voluntary, and that the patients have complete control over who can see what specific information. When you consider some of the more sensitive information people can have in their medical records, such as:
* incontinence problems;
* sexual dysfunction;
* sexually transmitted diseases;
* sex-change operations;
* plastic surgery;
* therapy notes for mental illness;
* trauma counselling notes after rape or child molestation;
* ambiguous genitalia;
* stigmatised conditions such as HIV or weight-related issues e.g. diabetes;
It's very important that patients can feel like they can trust their doctor enough to confide in them in the first place. They need to be able to tell one doctor about their problem and have that information restricted to just that doctor, and not have it be available to other specialists in completely unrelated fields.
I would hope that any e-health system will be completely opt-out (or preferably opt-in), and will allow patients the ability to completely lock down certain information, so that it can't be accessed by anyone other than nominated doctors, even in emergency situations. Failure to allow this could lead to people simply not confiding in their doctor in the first place, which obviously could negate any of the health benefits provided by an e-health system.”
There are few others I would add including basically any recorded mental illness, childhood behavioural problems, Hepatitis B & C, a previous abortion and so the list goes on.
If you consider the proportion of the public who have some health information they want to make sure remains under their control you wind up with – over people’s lifetimes – a pretty large slab of the population (doesn’t some form of mental illness strike 30+% of us at some time in our lives?).
There seems to be a cynicism among some so-called ‘experts’ that this concern does not matter – but I would argue that if these issues are not comprehensively and credibly addressed e-Health will just go nowhere. The claims that it is ‘too hard’ or ‘too complicated’ or ‘too expensive’ to implement will see all sorts of initiatives just quietly fail to be adopted and used.
The complexity of a part of this – the demands by workers compensation insurers to access total rather than relevant parts of medical records - is just the tip of an murky and complex iceberg.
See this program from the ABC Law Report this morning (Tues 30 March, 2010).
Protecting privacy
Meet Sara (not her real name). She's seeking compensation for injuries sustained in a road accident. The insurer wants access to all her medical records, including those relating to an unconnected sexual assault.
Sara says let the doctors decide what's relevant to her compensation claim and keep irrelevant and intensely private material out of the hands of the insurers.
Her case raises fundamental issues about how we regulate our privacy rights and deal with complaints.
The link is here:
I know the e-Health evangelists find all this frustrating but the lesson is clear as far as I am concerned. Do it properly or not at all!
Thanks Louisa!
David.
11 comments:
The question needs to be asked as to who owns the data? If the data was gathered in a public hospital then does the hospital own the data and if so surely that hospital has the right to share that data with other clinicians in that hospital.
Similarly if patients have total control then there is the possibility that at each nurse shift change the patient must reauthorise nurses on the new shift to see data.
What about information that doctors enter that is not meant to be seen by the patient? Currently this information is only available by FOI request.
I think that there needs to be a basic level of information available at all times, such as the dates of an episode and nothing more. On top of that there need to be emergency overrides in place to allow treating physicians to access the data if needed with a comprehensive notification system to the patient that the data has been accessed.
The UK has gone a long way to solving this problem and we need to look at their example to see what we can use.
Louisa makes some pretty powerful points when she says:
"When you consider some of the more sensitive information people can have in their medical records, such as:
* incontinence problems;
* sexual dysfunction;
* sexually transmitted diseases;
* sex-change operations;
* plastic surgery;
* therapy notes for mental illness;
* trauma counselling notes after rape or child molestation;
* ambiguous genitalia;
* stigmatised conditions such as HIV or weight-related issues e.g. diabetes;"
Bureaucrats with their butchers paper and whiteboards who plan in thin air from their ivory towers should all be allocated one of these conditions before being allocated a planning / policy role in the domain of ehealth records. Then, I'm sure Louisa's concerns would be satisfied.
Sara and the Law report raise worrying issues as the Privacy Commissioner has oversight of the security and use of our sensitive personal information under the Healthcare Identifiers program.
If the PC thinks it is necessary for Workcover to have a woman's entire medical history in order to settle a bicycle accident claim, then there is trouble ahead
I fully agree with Louisa that consideration of and action on the issues she raises should be a fundamental requirement for implementation of IT in health care.
A well designed health IT system should at the very least have the ability to allow flagging of some information as not for release. Some do not allow this at all, some allow it in a limited sense and others are quite good at it. Of course, a more sophisticated system would allow far more control than this, at the cost of complexity.
This points to what I think is a more pressing and difficult problem - workforce skills and development. Managing health information and maintaining privacy using computer systems requires understanding and skill - even with the best designed systems. My experience has been that most people involved in providing health care services do not have a good understanding of what is actually happening (or could happen) with the information they are entering into computers. No amount of clever system design or regulation will resolve this problem until the people involved (including consumers) have enough knowledge behind them to make informed choices when deciding how and what to record and share.
Part of the problem is that we still see the "EHR" as a whole thing. The state of current systems and the level of workforce skills mean that we are simply not able to meet the kind of requirements unless we find creative ways to use the technologies.
One way that consumers can control what happens to their information using current technologies would be for them to be able to choose a separate identity to be used when recording certain information. Consumers and health care workers would need to be advised of the potential consequences of this, because there is no doubt that it could impact on quality of care in certain circumstances.
At least it would allow us to move forward without having to solve the entire problem. This need to have everything right before we can make any move at all is one of the things that has been holding health IT back for many many years. Isn't it time we started to look at this as the problem with health IT and apply some creativity to solving it?
This is a difficult issue. Let me pose a puzzle:
A patient goes to a GP who prescribes an antidepressant medication. The patient decides that this information should not be shared.
The patient goes to another doctor and receives a prescription for another medication that has contraindications for the antidepressant. The second doctor doesn't know that the patient is on that medication, but they have access to other patient history.
The patient goes to a pharmacy and receives the new prescription. The pharmacist checks the medications that the patient wants them to know about. This does not include the antidepressant.
Neither the second doctor nor the pharmacist considers that they need to ask about other medications because they have the list in front of them.
What happens to the patient? If they end up in Emergency do the doctors there have the right to access this information?
I think you have just shown how hard the maintenance and use (and trust) of any form of summary shared EHR is. I also don't think there are any quick, easy or pat answers.
David.
Anonymous (Wednesday, March 31, 2010 1:55:00 PM) - what happens in such a situation now?
While I agree that in an ideal world the problem you describe should not exist, but we do not live in an ideal world. Patients should be made aware of the risks posed by keeping information confidential, doctors should not be held responsible for decisions made by patients.
If we at least establish a culture where information is routinely shared electronically we can help people who choose to put their health concerns ahead of their privacy concerns.
It may just be possible then to see if we can find ways of addressing issues such as the one you describe.
Yup, but pretending there is not a 'show stopper' out there is not smart!
David,
To me the "show stopper" is the appalling waste and inefficiency of the current situation.
I dont know. I think the present inefficiencies have some inherit benefits.
For example, I dont think the question of a patient's right to seek another opinion without bias or hindrance has been raised in the current discussions, although it has been a point of concern expressed previously by health consumers.
That is, how much will any subsequent doctor be affected by knowledge of others' professional opinions and diagnoses?
Will their clinical independence, and judgment, be even unconsciously biased by what someone else has said?
What if diagnoses are missed because the second doctor fails to do thorough investigations because he believes the bases have already been covered?
And what about damage to the patient's relationship with their prime doctor once he/she realises a second opinion has been sought?
So let the patient choose another identity for their second opinion. Use technology to replicate what is right about the current situation while allowing it to fix what is wrong.
Post a Comment