Back in 2001, right before the HIPAA privacy rules took effect, I wrote a law school student note entitled “The Emergence of the Health Care Information Trust.” Pretty heady, and perhaps a bit Pollyanna-ish, stuff. In the note I argued that to pull the hidden value of disparate health care information out of the islands of digital data that had been forming throughout the health care system, some form of clearing house for patients, with strong fiduciary obligation to individual patients participants, needed to emerge. In fact, because of HIPAA’s soon to be finalized privacy regulations, without patients expressly vesting rights in something like a health care data aggregator, it would be very difficult (if not impossible) to use the information commercially for purposes other than directly for healthcare treatment, payment, operations and certain research. Further, the value in that data would not be able to accrue to the individual any other way. My concept was to allow use of patient data, with defined limitations set by the patient, with micropayments to patients for such patient approved use by anyone seeking to access the aggregated data.
Anyway, the eight years since I wrote the article, I am not sure where the health care data market is going. But there are some services that seem to be starting to emerge as potential aggregators. Most notably, both Microsoft and Google have been taking initiatives in the area. Of course, Microsoft and Google are not what I had projected; but it probably makes more sense in hindsight that the two biggest IT juggernaughts would be making headways into this this very young market with unknown potential. If anything, the ability to pull good, useful and linkable health care information (except maybe healthcare claims data) is a monumental problem, and true electronic medical records are, at best, still in their infancy. So, also, the immediate possibilities of wide-scale transfers to such aggregators.
One of the obvious limitations, even if and when health record data is transferable without impossibly difficult transactional barriers and costs, is the fact that the privacy regulations are really set up to address patient rights in principally paper records. So, even if you wished to transmit electronic data to an aggregator service (be it my concept of a Healthcare Information Trust or, for that matter, Google or Microsoft), there are no express provisions addressing this.
So I found it interesting when I read about “A Declaration of Health Data Rights.” In it, the organization specifically makes mention to access to records in “computable form.” Also, in reading about the initiative in the NYT’s Bits blog, I took particular note that both Microsoft and Google have a role in it. Ah, this makes some sense now.
For what its worth, the group desires:
A Declaration of Health Data Rights
In an era when technology allows personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable. We the people:
1. Have the right to our own health data
2. Have the right to know the source of each health data element
3. Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be made available in that form
4. Have the right to share our health data with others as we see fit
These principles express basic human rights as well as essential elements of health care that is participatory, appropriate and in the interests of each patient. No law or policy should abridge these rights.
via HealthDataRights.org.
Filed under: Health Law, HIPAA, Electronic Health Record, Health Law, HIPAA, LinkedIn
humani nil a me alienum puto 