Promising research may protect health records privacy

Personal health records and health record banks are nothing new.

Then again, neither are data breaches, consumer surveys saying people want their privacy rights respected and provider surveys indicating, within limits, that they'd like to respect their patients' privacy desires.

The technology to tie these wants together is slowly becoming available, although it's still rarely used, and the methods differ.

Some Wake Forest University researchers tried to tackle the problem and recently reported they've pilot tested their own promising approach.

According to an online article in the American Medical Informatics Association, the Wake Forest School of Medicine's Department of Biomedical Engineering has developed a prototype health information exchange that both works for providers and restores patient control over the flow of their medical images.

The full text of the article, “Patient-controlled sharing of medical imaging data across unaffiliated healthcare organizations,” requires a subscription to access. Still, you can get a gist of what they accomplished from the abstract.

The prototype exchange system, developed by “extending open source technology,” according to lead author Yaorong Ge, an associate professor of biomedical engineering, and his colleagues, enables providers and patients swap digital images. It uses what's called a Patient Controlled Access-key Registry to manage access for both patients and providers. A patient, who would allow another provider to see his or her records, releases an “access key” with a digital signature at a patient portal.

Many, but not all, regional or state-wide health information exchange organizations require some form of patient consent, reflecting more stringent state privacy laws or practices than the more lax federal HIPAA privacy rule, which does not require consent for many, common data-sharing uses.

Ge and his colleagues claim their system can be used “to integrate organization-coordinated sharing networks” and a “longitudinal virtual health record” while still protecting privacy by giving patients control with “minimal burden on patients, providers and infrastructure.”

Psychiatrist and patient privacy advocate Dr. Deborah Peel— often a critic of health IT systems that she sees compromising privacy— says she likes what she reads about the Wake Forest pilot. “The majority of current HIT systems and data exchanges violate medical ethics and patients' long-standing rights to control PHI (protected health information,” Peel wrote in an email Wednesday. “Bravo to the Wake Forest research team for finally building effective electronic patient consent tools. Yes, this model solves the legal problems of data sharing. And yes, it builds patient trust in physicians because it restores the personal control over use and disclosure of protected health information that patients expect.”

We often hear about the need to create a more patient-centric healthcare system. Putting patients in control of their healthcare records is consonant with that approach. The Wake Forest model shows promise, so I hope Ge and his colleagues get the chance to scale it up from their pilot and see if it can handle other data forms, such as lab results and care summaries.

Follow Joseph Conn on Twitter: @MHJConn.



Loading Comments Loading comments...