For two years, Angela Demouthe* underwent a series of tests to identify the troubling weakness that was growing in her legs. When she moved from Raleigh, N.C., to Atlanta, she prudently got a copy of her records to take with her.
But when she lost consciousness and ended up in the emergency room of an Atlanta hospital, ER personnel had to start from scratch. After she was admitted and her daughter hand-carried her records to the hospital, Demouthe realized key test results were missing. Her new neurologist called the old one, but said he didn’t respond. The old neurologist replied that he had faxed the records.
This scenario plays out thousands of times each day, thanks to the nation’s antiquated system of medical records keeping. An electronic personal health record, electronic personal health record, or ePHR, stored securely but open to authorized healthcare providers, could save countless lives and millions of dollars. But the benefits of the e-business revolution seem to have passed hospitals and doctors by.
According to the Journal of the American Medical Association (JAMA), only 24 percent of physicians use electronic health records, and only 5 percent of hospitals use computerized physician order entry. In other words, more than 75 percent of consumers’ health information isn’t available for online storage, in any form. According to the JAMA article, the foot-dragging is similar to the early days of e-business — ten years ago.
Doctors say it’s too expensive to buy the hardware and software for electronic record-keeping, although the Centers for Medicare & Medicaid Services estimate that they would save money over time while improving care. One study of primary-care physicians found they could save as much as $86,400 per doctor over a five-year period.
If the software is too pricey, a little advertising on those e-records might be just what the doctor ordered. Practice Fusion, a company that provides free online electronic health records to physicians, finances the service by displaying physician-targeted ads on the electronic records. For example, when a doc views a patient’s blood panel, she may also see an ad touting cholesterol-lowering medication. Practice Fusion also sells anonymous, aggregated data to insurance groups, clinical researchers and pharmaceutical companies.
This sounds like the business model for Google and Microsoft’s MSN. Perhaps it’s no wonder, then, that both companies are moving into this area.
In October 2007, Microsoft announced HealthVault, intended to be a platform on which vendors can build services and applications. Microsoft is working with the Mayo Clinic to build tools to let people manage their own health.
Google Health, launched in February, announcing a partnership with Cleveland Clinic, an academic medical center that treats around 3 million patients from around the world each year, to test the secure storage and transfer of medical records from Cleveland Clinic’s proprietary electronic records system to Google servers.
Practice Fusion wasn’t the first medical vendor to use this data-selling model. In fact, over 4 million for-profit corporations, including most medical software vendors and pharmacies data mine health records to sell drugs, services, or insurance, according to Deborah Peel, an M.D. and founder of the Patient Privacy Rights Foundation, a non-profit dedicated to giving Americans the ability to control who accesses their healthcare information. One vendor reported 2006 revenues of $2 Billion for selling prescription records. [cob:Special_Report]
Peel says personal health information is already being used by employers, insurers and others to discriminate against not only the sick but also the potentially sick. The availability of this sensitive information on the Internet will increase privacy concerns while adding security issues.
This data may not be as anonymous as tech companies promise. In August 2006, the New York Times was able to identify an AOL searcher by her queries, after AOL made the search histories of 675,000 Americans public. AOL said publishing the data was a mistake and removed it, but not in time to prevent it being widely republished and scrutinized.
Personal health information is even harder to de-identify, according to Peel. “There are too many unique details, places, and dates that allow the data to be re-identified by cross matching with voter registration or drivers license records. This is highly personal health records — lab tests, x-rays, doctor’s notes, even payment information — that they are selling,” she says.
Add to those privacy concerns Americans’ enthusiastic use of social networking and online forums to research and exchange information about health conditions.
One of the newest entrants in the personal health category is iMedix.com. The site, launched in December, applies today’s social networking tools to a format pioneered by WedMD and DrKoop.com in the early dotcom days. It lets people post their photos with information about their health status and experiences, and they can communicate via live chat or private e-mail. The site is growing fast, and 85 percent of active community members are chatting and sending private messages to each other.
Iri Amirav, chief marketing officer, calls it “patient-to-patient information. People are smart, they can take care of themselves and want to be empowered. They just need the right tools,” he says.
Peel gives high marks to Microsoft’s HealthVault, because the company has agreed to meet her coalition’s 17 principles for privacy, including patient control of all access and no data mining. Microsoft plans to log each time a record is created, changed or read to provide a clear audit trail.interface and its practices in order to ensure security. For example, it keeps user information in a separate, encrypted database to prevent hacking.
But Peel finds patient-to-patient sites “incredibly dangerous. When bosses find out about people’s health information, they may lose their jobs, not be promoted, or their reputations may be ruined,” Peel says. “We need to put up a wall between employers and the most sensitive information about us: health, genetic and prescription information.”
Amirav of iMedix points out that 40 percent of Americans search for health information in aid of others, rather than for themselves. If it came up in a job interview, an applicant could say he joined a depression community to help a friend.
But employers may instead just toss the resume, Peel said. Moreover, “If you have relatives or children or grandchildren, your illnesses may very well create discrimination against them because of fear of an inherited tendency to whatever you have.”
Unfortunately, the debate about privacy of health care info may be too late. According to advocacy group Patient Privacy Rights, an amendment to the Health Information Privacy and Portability Act (HIPPA) actually eliminated patient privacy. The original HIPPA, which went into law in 2001, required providers to get the person’s consent before using or disclosing medical information. However, the act was amended in 2003 to require merely disclosure.
In December 2007, the National Committee on Vital and Health Statistics made recommendations to the U.S. Department of Health and Human Services (HSS) regarding the secondary use of patients’ electronic data.
They said HHS should issue guidance about how to de-identify data and recommendations for the use and resale of such data. It suggested HHS should work with Congress and other Federal agencies to reduce the possibility of discrimination based on someone’s health status.The committee also will conduct more hearings on privacy issues and data stewardship.
The committee also recognized consumers’ interest in accessing and managing their own data. In fact, that interest — and the willingness of private industry to slake it — may make government’s work moot.
* Name and details have been changed to protect the patient’s privacy.