Q&A With Carol Diamond
The managing director of the health program at the Markle Foundation explains why public trust is essential to the successful exchange of electronic health information – and how we can build it.
Healthcare Technology: Can you tell us a little about the Markle Foundation and Connecting for Health?
Carol Diamond: The Markle Foundation is a nonprofit foundation established in 1927 with a focus on accelerating the use of information and communication technologies to meet critical public needs, specifically in the areas of healthcare and national security. Our main health initiative is our Connecting for Health collaborative, which we launched in 2001. It brings together more than 100 key stakeholders in the public and private sectors, including privacy advocates, consumers, vendors, professional societies, hospital groups and others. Members of all of these diverse groups work together to address barriers to the widespread electronic exchange of health information.
HCT: What do you think are the biggest barriers to health information exchange?
CD: Of course there are numerous problems that need work, including technical problems, like how to make different systems interoperable, and financial ones, like how to make health information exchange feasible in the short term and sustainable in the long term. But one of the hardest, yet often overlooked challenges is creating public trust. If people do not believe that their personal health information is being handled in a way that is safe and secure, they will not want to participate in any kind of electronic health information exchange – which means we will never reap the benefits of medical error reduction, cost savings, evidence- based care and greater consumer involvement in their own care that we all hope information technology will bring.
HCT: People were wary of ATMs at first, but now almost everyone uses them. Is trust different in the context of health and healthcare?
CD: Definitely. While people worry about the safety and privacy of their financial information, they also know that if someone gets your bank card number and steals your money, or makes unauthorized charges to your credit card, the damage is largely reconcilable. If you are repaid by the bank, the credit card company, the offender, whomever – you can be made “whole” again. But once health information is out, you can never get it back. People worry that unauthorized access to their health information can translate into discrimination, stigma or embarrassment. To make things worse, it is often very difficult to prove a link between an information leak and such negative consequences. This problem will only become more complex as health information begins to additionally contain genetic information. Although some point out that having health information stored primarily in paper is riskier from a privacy perspective – there is no record of who has looked at the information or why – storing information electronically presents its own set of increased risks. The public hears about electronic data breaches in other industries in the news every day, and surveys show that people are indeed very concerned about the privacy of their health information.
HCT: So what can we do to build public trust?
CD: Part of what is needed is greater public education and understanding – of both the benefits and the risks associated with electronic health information sharing. But even before that, we need to commit to creating a system that is trustworthy and that reflects common public values, such as the importance of information privacy. We have to consider public trust in designing the technologies on which information sharing relies. You can’t build an elegant and efficient data network first and then worry about policies for protecting Americans’ rights and privacy later. If you do not make well-reasoned policy choices in advance, the technology implementation may lack the right policies or may have to be retrofit later. There are many examples of information system projects inside of healthcare and in other sectors that have failed because of this oversight.
HCT: What kind of policy are you talking about?
CD: By “policy” I don’t necessarily mean laws or regulations set by Congress or other government entities. I’m talking about the “rules of the road” – rules by which any information system must live. Developers of an information system need to have clear rules defined for how information is to be used before they can build it. Protecting privacy, determining the purposes for which information may be collected and used and establishing the security rules for information sharing are all examples of policies that are necessary to construct a system that is trustworthy and transparent to the consumer.
While HIPAA protects privacy in some situations, it’s not enough on its own, in part because it was not written to address the specific challenges of electronic information sharing. Those who are trying to build health information exchange networks at the community level need to fill in some of the gaps with policies of their own. Examples of policy questions communities need to think about are: How do you know someone who asks to see a certain piece of information is who he says he is? To what extent should patients be able to give or withhold access to their own health information? What should happen when someone does get access to information she shouldn’t have seen? These kinds of questions need to be considered from the outset; they have to be, because they should influence technical and architecture decisions.
HCT: Can you give me an example of how policy influences technical or architecture decisions?
CD: Sure.While technology and policy impact each other on many levels, let’s look at the big picture, the design of the nationwide “network of networks.” While some people argue that it would be good to keep health information in a series of central databases that could store all the health information in the country, which seems remarkably efficient and simple, we think the unintended consequences of this approach would be in conflict with some key policy challenges. In addition to the obvious risk of a catastrophic breach, we believe that requiring the centralization of all health data uncouples a key relationship that is very important to the individual consumer – the relationship with their doctors, hospitals and others who are custodians of their health information. In every survey we have done, patients express a strong desire to control who has access to their health information. In our approach, we recommend leaving the data with those who have a relationship with the patient.We also believe this decentralized approach is essential because it does not force a “onesize- fits-all” set of policies on the entities that hold patient data. One hospital may want a higher set of protections for its data than another, and if forced to centralize their data they may not be able to agree on the policies that govern its use. The decentralized approach allows each participant in a network to make certain choices about the policies that guide the use of their data. And there are other benefits to this type of local control. For example, the accuracy of data is likely to be higher if it isn’t transferred and managed by outside parties.Without a direct relationship with the patient, it’s impossible to identify and correct erroneous data.
HCT: So what should individual communities do to make sure their technical choices take into account policies that build public trust?
CD: Trust comes in part from consistency. In order to build trust – and to assure that all the different networks will be able to talk to each other – you need a consistent set of baseline rules that everyone nationwide follows. These guidelines need to include both technical topics, such as which data standards to use, and the explicit set of policies that address the questions we talked about. If you think another health system may not be operating by a basic set of rules, you probably are not going to want to engage in health information exchange with them.
Connecting for Health has developed a “first draft” of these guidelines, which we call the “Common Framework.” Our Common Framework is based on the input of diverse groups of experts and the experience gleaned from developing a three-state prototype of information sharing. The Common Framework consists of eight model policy documents, a model contract to formalize the relationship of community members, and six technical documents, including technical implementation guides and the actual code and test server interfaces from our prototype. Communities can use these free resources to learn how a national group of experts has recommended addressing some of the basic policy and technical challenges associated with information sharing. They are available at http://www.connectingforhealth.org/ commonframework/.
HCT: Aside from the question of building public trust, are there other reasons that integrating information technology into healthcare is particularly tough?
CD: I think many of the barriers to information exchange in healthcare spring from the same source. The health system in the U.S. is not set up to encourage information sharing, whether electronically or through any other means. In the not-so-distant past, most people saw only one family doctor for most of their lives. There was no need for information exchange in treating a patient. Today, people often have numerous specialists for different conditions, and they are much more likely to move and travel frequently. They need their health records to go with them, but it’s hard to make that happen, especially when you’re dealing with a system like ours that is incredibly diverse, fragmented and still largely paper-based. Technology is forcing an outdated system to recreate itself, but a whole host of policy, social and cultural challenges need to be solved along the way.
