William Bria is a pulmonologist and chief medical information officer for the Shriners Hospitals for Children system based in Tampa, Fla. Bria also serves as president of the Association of Medical Directors of Information Systems, a professional association for physicians in medical informatics.
“The idea of granularity, it will be like everything else,” Bria said, “Those who are reasonable; they won't want to make it too complicated, but when it is highly sensitive information, they're going to want to have a switch there.”
“A tidal wave” of patients is coming," Bria said, and “not just teens, but 50- or 60-year-olds, who will say, ‘Yeah, I want to put my stuff online,' but they will say I want more control. There will be a patient-centric dialog as to who they will allow to turn this information on and off. I think there is going to be a culture shock within the establishment of medical informatics.”
Bria worked more than a decade in academic medicine at the University of Michigan. Some Ph.D.s in medical research “had a very different take than the average Joe” about data access and privacy.
“When you get to blue-collar folks, they have a concern about trust,” Bria said, and so, he predicts, most physicians will back their patients in their call for increased patient control over the sharing of their data. “In the community, the only thing you can be is with your patients. If you're not, you're out of business. If we don't understand that, we're blind in another way.”
Deborah Peel, an Austin, Texas, psychiatrist and the founder of the Patient Privacy Rights Foundation, said her daughter, a Facebook user, “forced me to go on it a couple of weeks ago.” Peel said she was immediately befriended by both her daughters and their friends, and then by some professional colleagues, quickly creating an online potpourri of contacts on her Facebook page.
“Essentially, Facebook is a kind of consent management system,” Peel said. “The controls are pretty awful, but the controls are there so you can control who sees what.”
Peel said she often hears the argument from people working on healthcare IT standards that it is impossible to build a healthcare IT system that accommodates patient consent, but “PHRs are doing it right now. And now Facebook has access controls, too.”
Robert Shelton is co-founder, chairman and CEO of Private Access, Irvine, Calif., a developer of patient-rights management software that helps patients control access to their information, but also enables them to release their information on their request so their data can be used in specific, trusted clinical trials. Shelton said the company's software can control patient data to the level of a single word.
There is an understandable comparison between the new controls on Facebook and the patient-rights controls needed in healthcare, but the task in healthcare is far more complex, Shelton said.
“There is a lot more stuff in healthcare that you have to worry about than what Facebook has to worry about,” Shelton said. “They have a proprietary system and they're setting granular controls on each of the fields, but when you're dealing with healthcare, you're dealing with lots of different systems.
“Facebook does not need to worry about authentication and are the people who they claim they are,” Shelton said. “In the healthcare area, you've got to deal with true identity.”
In addition, Shelton said, “They're not that concerned about auditing, but in healthcare, you are. There are layers of additional complexity that have to be taken into account.”
“But is it a sign post that it can be done?” Shelton asked, rhetorically, about the Facebook controls. “Yeah, it can be done.”
What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.