Wednesday, December 06, 2006

A modest proposal

Yesterday, I learned of a program being run by Aetna that prompted me to think differently about the medical records issue. While there is a general belief that interoperability of electronic medical records among health care providers would be of great value to society, there are obstacles to that process that keep arising. Some of these are technical, some are based on privacy concerns, and some are based on corporate decisions to protect information to maintain market share. Here, from Aetna, is an approach that might suffice to skirt many of these issues and enable consumers to send information to whatever providers they would like.

Aetna has created a personal health record -- using the claims information it receives from providers -- that is placed on a secure website and is made available to its subscribers. So, for example, it will show your test results, inoculations, allergies, surgical procedures, hospital stays, chronic illness treatment patterns, and the like. Not only can a subscriber review information about his or her medical histories, but he or she can also authorize any provider to look at it as well.

Think about this. An Aetna subscriber does not need Hospital A to share its medical records with Hospital B: The subscriber can authorize this without an intermediary. Whether the patient has shown up at an out-of-town emergency room or just wants to visit a doctor or hospital in another provider network, the feature is instantaneously available.

I know this is not a complete medical record, but it contains enough information to be helpful in many cases.

Why can't we do this in Massachusetts? It could start with Blue Cross/Blue Shield, the largest insurer in the state, acting alone. Or imagine the power if BCBS, Harvard Pilgrim, and Tufts were all to create this program as a shared venture, but with a firewall between their systems so that data stayed with the subscriber's current insurer. If the underlying platform were the same, the subscriber's data could easily be transferred if an employer or the individual subscriber changed insurers.

I think this is an elegant solution that could help cut the Gordian knot of the interoperability problem. If we can solve 80% of the problem with a quick fix like this, it might be more valuable than waiting a decade to solve 100% of the problem. Maybe those of you out there who are more expert can tell me why I am wrong.

(By the way, Aetna also uses this information to conduct an evidence-based medicine review for patients with chronic problems to help reduce underuse and overuse of medical services. For example, if a diabetic patient is not keeping up with a treatment regime, the patient's primary care doctor is notified by Aetna's medical consultants to contact the patient. Sharing of this data is authorized by the patient when he or she becomes an Aetna subscriber.)


Star Lawrence said...

My general impression of HIPAA is that it outlines what docs or ins cos CAN give out rather than what it protects from the viewpt of the patient. A friend was called by the National Cancer Society a hot second after getting her b/c diagnosis. the doc had to have told them her private business. I see that in this case, the Aetna system led right to seeing if the patient was compliant and then telling the doc. Why is that the ins co's business to do unless it's to cut costs? In one state, compliance is already being tracked and Medicaid patients getting fewer prescriptions (withholding of care) if they don't do the bidding of the state.

Anonymous said...

I don't have a problem with an insurance company acting to reduce costs if that is consistent with good quality care. And, by the way, it often is. But, it goes the other way, too. Both overuse and underuse in medical treatment are recognized and documented problems, and sometime an insurance company's intervention will actually result in more, and more timely, and better treatment.

On your other point, I cannot imagine any doctor violating federal law by calling a charity with a patient's diagnosis to help raise funds. That had to be a coincidence.

Anonymous said...

The Aetna proposal seems sensible. One big concern: it relies entirely on the vital term "secure web site."

When the time comes that I need life-or-death care, I want the caregiver to know everything they need, even if I'm nowhere near my home hospital.

But what about insurers and perhaps employers who are willing to dig for data that I don't want them to have, as a basis for denying insurance or employment? (In states where insurers aren't required to accept everyone, I've seen absurd and disgusting cases of healthy people being left desperate because their premiums were jacked way up for foolish reasons.)

Worse, someone (especially a sneak) could make such decisions based on incomplete data or even if they've got the facts wrong. Credit bureaus are known to do that all the time. Why should we assume that insurance companies are less human?

This New York Times article adds another smack of reality to the issue of what's actually private. (It's not specific to the Aetna proposal.) A brief clip:

Bill Clinton's identity was hidden behind a false name when he went to NewYork-Presbyterian Hospital two years ago for heart surgery, but that didn’t stop computer hackers, including people working at the hospital, from trying to get a peek at the electronic records of his medical charts.

Dr. Craig Smith performed heart surgery on former President Bill Clinton two years ago at NewYork- Presbyterian Hospital. Computer hackers tried to get a peek at the famous patient’s electronic medical records.

The same hospital thwarted 1,500 unauthorized attempts by its own employees to look at the patient records of a famous local athlete, said J. David Liss, a vice president at NewYork-Presbyterian.

And just last September, the New York City public hospital system said that dozens of workers at one of its Brooklyn medical centers, including doctors and nurses, technicians and clerks, had improperly looked at the computerized medical records of Nixzmary Brown, a 7-year-old who prosecutors say was beaten to death by her stepfather last winter.

In most of the incidents in the article, security software did block the intrusion attempts.

The risks are real, and perhaps the answer is an easy and reliable way to grant access where we want it and block it where we don't. That could be the Aetna proposal.

To me it all depends on "secure web site." And I'd like to see insurance companies be required to treat "no other group" applicants as a group of its own, so there's no singling out of individuals to be denied coverage.

Anonymous said...

Clinical data sharing is the future of medical computing -- the political barriers are far more substantial than the technical.

BIDMC was one of three sites in Massachusetts to pilot Medsinfo-ED(funded by BCBSMA). This project allowed emergency physicians and nurses view insurance company data on filled prescriptions - this provided a hint at their underlying conditions and prevented interactions with medications they were taking.

On the technical level, the project worked great -- but the political and privacy issues (ie suppressing many of the most important medications) decreased the utility sufficiently that the project didn't catch on.

The good news is that the lessons learned will help build bigger and better clinical data sharing projects in Massachusetts. BIDMC's CIO, John Halamka is leading regional and national efforts to bring this to fruition.

Star Lawrence said...

To clarify, the Cancer Society called my friend to offer her assistance in dealing with her breast cancer, not to raise funds. Still, it should have been her choice--not the doctor's--to be contacted.

Anonymous said...

For sure!

ftrotter said...

The problem with solutions like this is one of control. The technology to do things like this have existed for years. But the doctors do not trust the insurance companies to be at the "center" of patient information, and the insurance companies do not trust the doctors to be at the "center". etc etc.

This is the promise of open source software. The patient moves their record to the organization that the patient trusts.

Watch for the FOSS PHR records coming from Robert Wood Johnson foundation project healthdesign. We should see some exciting work coming from them (I hope).

It is important the code be open source and that the PHR be interoperable. Not just one or the other.


Anonymous said...

This solution relies upon the assumption that individuals will remain with the same insurer over time. As employers tinker with their benefit plans in an attempt to control the costs of insuring employees, the health care plans that are offered often change. People change jobs with greater frequency than in the past, and a job change is typically accompanied by a change in health plan. This "solution" is really only viable if Aetna is willing to transfer the records stored on their secure site to other insurers (who will presumably have set up similar, compatible systems), but Aetna has no incentive to do so after someone has chosen a different health care insurance company.

Anonymous said...

Doctors should respect the patient right to privacy & making personal choices.