This post is being copublished by Healthcare IT News
This time of year, millions of Americans file taxes. We are required to move sensitive financial data from employers and banks to the Internal Revenue Service. In the old days, we waited for paper W2’s and bank statements to arrive by mail and then spent hours with pencils and stacks of paper. But now tax preparation software enables automatic retrieval and upload of data in seconds and without error. Why is this possible? Because each of us controls our own financial data.
Now imagine that we want our sensitive health records transferred to a new doctor. We fill out paper forms, mail or fax them, pay fees, and if we are lucky a stack of printed paper records arrives by fax or mail at our new doctor’s office weeks or months later. Weeks after that they might be scanned into an electronic health record as images but, even then, they can’t be searched easily.
At our first visit, we will answer a long list of questions. The answers are in our record, but the office staff and doctor will find it more efficient to re-enter them manually. There will be errors (like the male patient of Eric’s recorded by the system as female).
Why the difference? Much has been written recently about information blocking—the inability or unwillingness of hospitals and doctors to share electronic data from our health records with one another. Lack of technical interoperability and regulations protecting security, privacy, and confidentiality are often blamed. But the reality is that technical barriers are falling. The same technology that enables your smartphone to pull sensitive financial data from your bank to pay your taxes or a taxi driver can be applied to your health care records. More importantly, the regulatory path to health records sharing is now open—the rules are already on the books.
There are three ways your health care records can be shared electronically. All require your permission. One doctor’s system can query another doctor’s system for specific bits of your record (a digital version of a phone call request). One doctor’s system can push bits of your record to another doctor’s system (a digital version of a fax). Or the doctor’s system can give you your record and you can give it to anyone you wish. The last approach is called “consumer-mediated” sharing.
The advantage of consumer-mediated sharing is that you control your data, and you authorize access to it each time.
The disadvantage? Most people would rather not waste time with the tedium of authorizing data access, especially as it might exist today in online portals run by doctor offices, hospitals, and insurance companies. They want convenience. This is where the application programming interface or API could come into play. Just as tax preparation software handles the details, the right health care APIs can enable the exchange of data for specific purposes. Need a record of your last physical exam for softball camp? Need to know how much you spent on health care claims last year? Need to let your primary care doctor know the results of a recent specialist or emergency room visit? The right app could handle each of those needs for you with a few simple clicks.
How do recent regulatory changes permit this to happen? First, by law (HIPAA), health systems have to give you your data upon request. In 2015, the federal government set a new requirement that providers must send that data to an application you designate.1 Second, the data must be available in “machine readable” form so the app can help you make sense of it.2 To meet these technical requirements, health records vendors have voluntarily agreed to collaborate on open standards for securing access to clinical information. Third, the apps will have to be secure in addition to being easy to use.
The tax preparation software example illustrates that we will pay others to move our data if they can do so securely. But for them to earn our trust, they will have to meet the privacy, security, and consumer protection standards that are required for sensitive health data.
The technical and regulatory pathway is clear. Nothing in law or regulation prevents consumer-mediated health record-sharing. If we enlist someone we trust—our neighborhood health system, our insurer, our doctor, or even a favorite retailer to demand data on our behalf—the hospitals and doctors we authorize must respond.
If we consumers demand and authorize easy record-sharing, the health care system must make it happen.