The practice of medicine requires patients to supply their doctors with personal—and often sensitive—information about their health. Given the intimate nature of this information, privacy and confidentiality has always been integral to the doctor-patient relationship. The issue of medical privacy has gained salience of late, especially as personal health information becomes increasingly digital, accessible and portable. Personal health records (PHRs) grant patients unprecedented access to and control over their personal health information. Consumer advocates and policy-makers worry that the information contained in PHRs is not fully protected by privacy laws, warning that it could be accessed by unauthorized users, abused by marketers or insurance agencies, or otherwise mishandled. This chapter explores the challenges of ensuring privacy in a digital age, and it raises the question of how policies and norms surrounding privacy must change to facilitate the transformative potential of PHRs.
The defining piece of legislation governing health information privacy is the Health Information Portability and Accountability Act of 1996 (HIPAA). HIPAA was designed to promote national health information privacy standards. HIPAA governs “covered entities” such as health plans, health care clearinghouses and health care providers that transmit health information electronically in connection with billing or medical transactions. Some consumer advocates have criticized HIPAA as too provider-centric on the grounds that the legislation is structured in terms of institutional responsibility as opposed to patient rights. These arguments and other questions about medical ethics as they relate to PHRs, are addressed by the Project HealthDesign workgroup on Ethical, Legal and Social Issues (ELSI).
Still others have taken issue with the practical consequences of HIPAA’s governing language. HIPAA is notably silent on the application of its standards to personal health records. In Project HealthDesign E-Primer #2, “The Need to Know: Addressing Concerns About Privacy and PHRs,” Patricia Flatley Brennan, R.N., Ph.D., director of Project HealthDesign, points out that “when it comes to PHRs and privacy, the law leaves us with a rather murky picture.” According to Brennan, HIPAA does not adequately address PHRs, which allow patients to collect information that is relevant to them, such as their diet and exercise routines or how much they drink or smoke. It is unclear whether these data, termed “observations of daily living” (ODLs) by Project HealthDesign, are protected by the HIPAA privacy provisions. (For more on observations of daily living, see Chapter 3 of this feature.)
Even basic questions about whether PHR providers count as “covered entities” under HIPAA remain unclear. While certain PHR vendors have volunteered to abide by HIPAA’s standards, they may not be under any legal obligation to do so. In Chapter 6 of the Health Information Technology in the United States: Where We Stand report, the authors note that “if such vendors were to violate HIPAA’s Privacy Rule in spirit, there would be no legal recourse pursuant to the law.” More recently, the American Recovery and Reinvestment Act of 2009 (ARRA) attempted to extend the privacy and security provisions in HIPAA to PHR vendors through their relationships with health care entities. The two most publicized online PHR vendors, Google Health and Microsoft HealthVault, have established relationships with traditional health care entities (e.g., the Mayo and Cleveland Clinics) in order to integrate their PHR platforms with the provision of care in the clinical setting. However, according to Lygeia Ricciardi’s report on the Project HealthDesign blog, “there is ongoing confusion about to whom these new rules apply. Google, for example, has claimed that the new language does not apply to its Google Health [platform].”
In order for patients to receive the full benefits of PHRs, many experts believe that privacy can no longer be synonymous with absolute confidentiality. “Private” implies that no one besides the patient and his doctor will have access to his health records. But virtually every health-related transaction, whether it is a lab test or a prescription refill, requires other actors in the health care system to access relevant information from patients’ records. Health information advocates have advanced the notion that empowering patients to choose who sees their data (and how the data are used) is more important that maintaining privacy in the strictest sense of the word. According to Steve Downs, S.M., Assistant Vice President of the Health Group at the Foundation, “looking at this question through the lens of protecting privacy can lead you to solutions that elevate security at the cost of sacrificing greater utility.” Downs argues that in addition to privacy, patients want and need to be able to use—and share—their data in order to achieve better health outcomes.
Similarly, Project HealthDesign’s findings suggest that a new understanding of privacy is emerging in accordance with other 21st century norms. Based on interviews with end users, the Project HealthDesign teams found that when most consumers refer to medical privacy, they are really talking about their discretionary right to control who has access to their health data. “Many Americans are used to sharing private information electronically in order to gain efficiencies that help them in their everyday life,” says Downs in Project HealthDesign E-Primer #2, “The Need to Know: Addressing Concerns About Privacy and PHRs.” In other words, while confidentiality is important to consumers, what is most important is that they are empowered to share their data with the doctors of their choosing and use their data to improve their health.
While this notion of privacy is familiar and acceptable to those who have experienced the convenience of online banking and/or the networking power of Facebook, allowing patients this level of discretion over their health data will require better data management mechanisms than even the most advanced privacy options currently available on social media sites. That a patient has schizophrenia, for example, can be inferred not just from the diagnosis in their chart, but also from medication lists, discharge summaries, imaging studies, or doctors’ notes. Thus, patients and their PHRs will need better tools to ensure that their privacy settings have their intended effect.
Addressing legitimate concerns about privacy is a daunting task for PHR advocates, but, from the perspective of the Pioneer Portfolio, that in itself is no reason to turn our backs to their many advantages. Coming to terms with the availability of medical information is just one aspect of the need to rethink privacy in a digital age. Ultimately, however, solving the privacy problem will require breakthroughs in software design, legal reforms and other disruptive innovations—all of which recommend moving forward, rather than backward, on personal health records. Chapter 7 examines the business case for PHRs and looks to recent entrants to the realm of health and health care, like Google and Microsoft, to uncover the potential of the open platform for stimulating adoption and innovation in HIT.