A batch of corporate providers of personal health-record systems and platforms as well as a number of payer and provider organizations have emerged from a private, multiyear effort orchestrated by the Markle Foundation to come up with a consensus approach to PHRs.
What is being billed as Connecting for Healths Common Framework for Networked Personal Health Information was collaboratively developed and endorsed by major PHR vendors including Dossia, Google, Intuit, MedicAlert Foundation International, Microsoft Corp. and WebMD, as well as payers Aetna and the two largest health insurance trade associations, the Blue Cross and Blue Shield Association and Americas Health Insurance Plans, whose member companies also offer PHRs to their covered individuals. Several provider organizations also were involved in the planning effort and endorsed the common framework, including Geisinger Health System, Danville, Pa.; New York-Presbyterian Hospital; the Palo Alto (Calif.) Medical Foundation; Partners HealthCare System, Boston; the Vanderbilt Center for Better Health, Nashville; and the Veterans Affairs Department.
The framework, announced Wednesday, runs to more than 200 pages in 19 documents, not counting a Web-based animated presentation narrated by David Lansky, who, since January, has served as the president and chief executive officer of the Pacific Business Group on Health, which also endorsed the effort. Lansky has been a point man for Markles efforts in the area of PHRs for about six years.
In 2002, as the founder of the Foundation for Accountability, a healthcare quality improvement organization, Lansky was named to chair a Markle work group on PHRs under its then newly formed Connecting for Health initiative. When the Foundation for Accountability folded in 2004, Lansky came to work at Markle, becoming its senior director of the health program and chairman of the Personal Health Technology Council.
In addition to its programs in healthcare information technology, Markle, a New York-based not-for-profit organization, also serves as an IT policy shop working with various national security companies and organizations.
Lansky, in his narration to the framework, outlined the work as rules that need to be in place to assure the consumer that their data will be handled appropriately and in the ways that they wish and also assure the health data source that when they release the consumers information to these Internet information providers that information will be handled in a way that is consistent with their own obligations, both moral and legal, to that patient.
The Lansky narrative said there is both great potential for benefit to consumers from using what the group is describing as providers of consumer access servicesmiddlemen that provide connectivity between patients and their PHR systemsand sources of healthcare information such as hospitals and physician offices, pharmacies and pharmacy benefits managers, data warehouses that aggregate data from those sources, payers and others.
There is also great potential for risk to the security and confidentiality of consumers health information as less-regulated organizations record personal health information with these new, Internet-based services, Lansky said. The policies we have outlined here are designed to protect the consumers as well as to guide organizations that collect and store health information about them.
One key controversy involving PHRs, despite the recent framework effort, remains unresolvedwhether these new iterations of patient record holders should be covered by the overarching federal healthcare privacy lawthe Health Insurance Portability and Accountability Act of 1996. The two newest and largest players in the PHR market, Microsoft and Google, have lined up early, high-profile provider partners in the Mayo Clinic, Rochester, Minn., and the Cleveland Clinic, respectively, among others. These IT companies are not covered entities as defined by HIPAA and thus are not explicitly required to abide by HIPAA privacy and security provisions. Neither have they entered into business associate agreements, tools commonly used by covered entities such as provider organizations with their IT vendor business partners that would extend some measure of HIPAA coverage and obligations to the noncovered entity partner.
The participants in this group represent both organizations that are covered entities under HIPAA and some are not, Lansky said during the teleconference. With regards to HIPAA, We did not speak to what congressional action or regulatory action should or should not be taken. We are not addressing the role of HIPAA and society and what action should be taken.
Another issue, also unresolved, is the definition of privacy. A glossary of terms accompanies each of the 16 white papers on specific topics that make up the bulk of the framework, but privacy is not one of the terms defined.
Jim Dempsey, also a speaker at the announcement Wednesday, is a lawyer and the vice president for public policy at the Center for Democracy & Technology, which endorsed the framework and which, like Markle, is a think tank that offers policy guidance in IT in both healthcare and national intelligence. The center receives funding from Markle and other IT industry sources, according to financial disclosures on its Web site. Dempsey was acknowledged in the documents as an important contributor to the policy framework.
Dempsey said privacy is composed of all of the elements on the policy side and the technology side of the framework. Personally, I think that a definition of privacy doesnt get you very far until you look at all the details and here are the details. If you put them all together, he said, youll have a definition of privacy.
No public meetings were held by the group, which has 46 members, but lots of people have been consulted, according to Zoe Baird, president of the Markle Foundation and a former senior vice president and general counsel of Aetna. Weve gotten very broad input. The framework received the endorsement of Consumers Union, the American Academy of Family Physicians, and, at the news conference, by Joseph Heyman, a physician who is chairman-elect of the board of trustees of the American Medical Association.
I think this goes a long way for physicians, Heyman said. According to Heyman, many physicians have been unsure about sending patient information to PHR vendors and the guidelines provide comfort in that regard. We couldnt be more strong in our support and endorsement of this.
What do you think? Post a comment on this article and share your opinion with other readers. Submit your letter to Modern Physician Online at [email protected]. Please be sure to include your hometown and state, along with your organization and title.