In a recent meeting, the Privacy & Security Tiger Team of HHS' Health IT Policy Committee sought to address critical IT capability questions.
It's technologically possible, Tiger Team members noted, to prevent the transmission of certain information—diagnoses, procedures and laboratory test results, for example—by directing an electronic health-record system to scan for and hide the codes associated with that data. But EHR systems now on the market vary in their ability to do this, and the function isn't widely used within the healthcare industry.
One alternative to scanning for medical codes would be to scan for specific terms contained within the text of a health record. Technology to sift through and identify information in unstructured text has been developed by U.S. spy agencies, said Dixie Baker, senior vice president and technical fellow at Science Applications International Corp., McLean, Va., a systems integrator and defense and intelligence IT contractor.
"You can do it automatically," Baker said. "The intelligence community does it all the time." Baker agreed with other Tiger Team members that "EHRs by themselves don't do this.” Still, she said, "every healthcare organization I know has an interface engine that can do a lot of this type of thing."
Baker reminded Tiger Team members of a June 29 team-hosted daylong hearing at which seven privacy-technology developers from the public and private sectors demonstrated their wares. Programmer Duane DeCouteau, a senior technologist at the VA's Office of Health Information, gave one of the presentations, explaining a pilot project under way in San Diego between the Veterans Affairs and Defense departments' healthcare organizations and Kaiser Permanente, which is part of the federally funded Beacon Community program to fund development of cutting-edge health IT applications.
Based on DeCouteau's description, Baker said, the system being tested goes "beyond just codes" and is capable of scanning "entire note sections."
Tiger Team member Wes Rishel, a vice president in the healthcare provider research practice of Gartner, an IT market-research firm, urged restraint, however.
“I'd like to suggest we carefully distinguish what we saw from a conclusion that this is an accepted technology,” Rishel said. "I think as of the time of the hearing, the number of records that had been transferred under this regimen was in the low thousands."
In the end, the Tiger Team didn't conclude that it could recommend to the Health IT Policy Committee—and from there, possibly, to HHS—that the government require or push for the use of more basic code-reading technology that would prompt patients to choose whether to block the transfer of certain sensitive information.
"We recognize that in maintaining patient trust we have to not oversell what is available and in fact, we have to describe it carefully," Rishel said in summarizing the day's discussion. "But we believe that even with the limits, adopting measures along these lines is better than just throwing up our hands and saying nothing is possible."