Day in Washington, DC at PHR Roundtable
This post was blogged during the meeting, and may be reviewed and corrected in the next few days. Please see links to the videos at the end of this post.
- PHR Roundtable, Washington, DC
Washington, DC, (December 3, 2010)–The meeting is getting started today with introduction by Joy Pritts, Chief Privacy Officer, HHS/Office of National Coordinator (ONC) for Health IT, and welcoming remarks by the National Coordinator David Blumenthal, MD. Dr. Blumenthal is speaking about the process of innovation spurred by HITECH, and not directed by ONC. “The patient and consumer come first” is one of the guiding principles for ONC according to Blumenthal, and the consumer’s faith in the privacy and security of their patient information is critical to the HITECH initiatives. Part of the reason for this privacy and security hearing is to encourage innovation and transparency, one of the over 200 open meetings held already by ONC.
Pritts also notes that the Health IT initiatives are focused on patients as the center of healthcare. Now we’re on to role of “Meaningful Use,” providing patients with electronic version of their health records. HITECH Act requires that ONC study privacy and security with regard to those records, in addition to the current requirements. Pritts asks how are we going to strike right balance of innovation and maintain the use of that information for intended purposes.
First panel will provide some historical perspective and is focused on origins, development, and security practices. Tim McKay, Kaiser Permanente, provides brief on Kaiser’s use of electronic health records and personal health records which began in ’90s as regional Kaiser initiatives, and took on national scope in late 90s. Currently Kaiser has roled out EHR and PHRs. Is this patient portal or PHR? And the answer is “yes.”
Lori Nichols, Director, HInet, is director of Whatcom Health Information Network in Whatcom County, Washington state. Per their Web site, “HInet is an inclusive, secure, community-wide, healthcare intranet in Whatcom County. Using various broadband technologies, it connects hospital, payors, physician offices, and community health services. It also provides connection to the Internet.”
George Steinberg, MD, president and ceo of ActiveHealth Management, a company started with venture capital and now owned as separate company by Aetna. Started as decision support for physicians, and grew to consumer tool. Consumer PHR contains decision support to respond to consumer entering data dynamically.
Colin Evans, CEO of Dossia, a PHR company describes how the firm was founded for employers for use by their employees for safety and care coordination. Use by employees ranges from 10% to 80% based on whether company is offering incentives or not. Evans claims that data is owned by consumers. In some cases there are conflicts between HIPAA regulations and FTC regulations with regard to online protected health information.
George Scriban, Sr. Program Manager, Microsoft HealthVault, speaks about consumer interaction with healthcare as something that goes much beyond interaction with clinicians. HealthVault is cloud-based location for fragments of health information gathered from full-range of entities, improving the boxes of a patient’s information located throughout the house and clinical offices. HealthVault is not a PHR, but a personal health information platform, per Sriban, one of Microsoft’s constant refrains.
McKay of Kaiser Permanente is starting a large initiative to expand Identity Services, to maintain their information even if they leave Kaiser plans.
ONC moderator Kathy Kenyon asks “Do patients ever pay for a PHR?” of those represented. Panel answer is no.
Panel moves on to revenue sources and sustainability of consumers are paying.
Dossia: Support by employers.
Kaiser: From consumer dues. Savings comes from cost savings in employer time saved. In 2006, about 20% of Kaiser patient population used PHR, and risen to 60% in 2010. Patients viewing their patient information alone raises safety of patients.
HInet: no charge for consumers, currently grant-funded, but there will be a charge for Smartphone use. Employers and payers are noticeably absent from financial support, and this is due in large part because consumers don’t want insurance companies and employers to view their personal health information.
Microsoft: HealthVault is a free service, that is part of the larger health services unit with services offered commercially, the revenue source.
ActiveHealth: Paying customers are the employers, with PHR one of services offered. ActiveHealth is offered to 8 million Aetna members and close to 2 million non-Aetna users, with another 700,ooo non-Aetna users expected to be announced shortly. Non-Aetna users are based on offering to employers (need to confirm who these non-Aetna users are).
Additional discussion on opportunity of health plan or employer viewing health information on PHRs. Dossia says no to employers. HInet users can see who has and has not accessed their share plan PHR since the last time the consumer viewed their PHR.
Lack of physician support and interoperability of electronic health records appears to be a limiting factor to actual use of PHRs.
New Forms, New Audiences, New Challenges–Second Panel
Wil Yu, Special Assistant of Innovation and Research, ONC, is moderating panel on PHR’s new forms, audiences, and challenges. Stephen Downs, Asst. Vice President, Robert Woods Johnson Foundation, is responsible for Project Health Design, a 4 1/2 year old program to reinvent PHRs; Open Notes, where patients can view their physician’s notes; and Blue Button. Downs offered three themes: separating apps from data, expanding definition of healthcare–ODL, observations of daily living, and sharing data.
Darcy Gruttadaro, Director, NAMI Child & Adolescent Action Center. NAMI is National Alliance on Mental Illness. Since launch of its social networking site in April 2010, NAMI has gained 1,300 users for social networking site, modeled somewhat after facebook. Realizes there are a lot more security issues than she initially realized. NAMI social networking site: http://www.strengthofus.org
Description of NAMI’s social networking site:
“StrengthofUs is an online community designed to empower young adults through resource sharing and peer support and to build connections for those navigating the unique challenges and opportunities in the transition-age years. StrengthofUs provides opportunities for you to connect with your peers and offer support, encouragement and advice and share your real world experiences, personal stories, creativity, resources and ultimately, a little bit of your wonderful and unique self. It is a user-generated and user-driven community; so basically it’s whatever you make it. Everything here has been developed and created by and for young adults with you specifically in mind…because we think you’re worth it! We hope every time you visit, you find hope, encouragement, support and most of all, the strength to live your dreams and goals.”
John Moore, of Chilamrk Research, says the terms EHR and PHR create an artificial barrier. “People could care less” about PHR as file cabinet. Unified or collaborative health records need to be actionable Moore said. Moore made a great segue to Gail Nunlee-Bland, MD, interim chief of Endocrinology and Director of Diabetes Treatment Center, Howard University, referencing his Chilmark post “Smashing Myths & Assumptions: PHR for Urban Diabetes Care.” That post is certainly worth reading, and Nunlee-Bland mentioned that 85% of their inner-city patients have access to computer and Internet, which is not what the “general knowledge” says. While Howard’s PHR users are concerned about privacy, only about 5% of their potential users, have opted not to use it because of privacy issues.
Douglas Trauner, CEO, of TheCarrot.com, asked what do we need to do for overcoming healthcare, privacy and security issues. TheCarrott.com’s web site describes itself: “TheCarrot.com provides easy-to-use tools for tracking your life for a variety of topics including health, nutrition, fitness, and medicines—all within a familiar calendar format. Through this free, anonymous service, you gain a comprehensive view of your health that helps you identify areas of improvement and goal-setting.”
There’s a lot of discussion about sharing information among consumer/patient users. Panelists offer range of views about how much consumers are concerned about privacy and security. There’s a great deal of discussion about trust, including Downs’ tale of a teenager being quite willing to share lots of personal information with their 80 friends, but not their parents.
Privacy and Security of Identifiable Health Information in PHRs and Related Technologies: Expectations and Concerns – Panel Three
Joy Pritts is moderating the first afternoon panel session. Tresa Undem, VP, Lake Research Partners, said consumers are generally unaware of PHRs, based on a year-old study when only 7% reported using a PHR. Lee Tien, from West-coast based Electronic Frontier Foundation, specializes in privacy laws, not healthcare privacy. New reports from recent FTC survey shows how little public knows about privacy issues. Josh Lemieux, director of Personal Health Technology, Markle Foundation, based on six surveys, said public likes the idea of personal health records, and also say they want privacy practices.
Robert Gellman, reported on privacy issues and concerns about data leakage based on long experience, starting with working on the Hill. Strong need to define of what we’re trying to do: http://www.bobgellman.com/
Key data research resources for this panel:
Conducted by Lake Research Partners
Consumer surveys of privacy and personal health records
Tien says there is a basic ignorance among consumers and patients of actual privacy policies and implications. Based on work by Microsoft privacy expert, Tien cited the change of attitude or reality of public and private areas. It used to be that privacy was the default reality for people and it was hard to get known publicly. Currently, public knowledge of details about people is the default reality, while maintaining privacy is a challenge.
Perspectives on Privacy and Security Requirements for PHRs and Related Technologies — Panel 4
Moderator is Leslie Francis, Distinguished Professor of Law and Philosophy at University of Utah.
Adam Greene, JD, Senior Health IT & Privacy Specialist, HHS Office of Civil Rights explained that HIPAA jurisdiction does not follow the data. OCR oversees three kinds of covered entities plus direct jurisdiction of business associates. Greene asked and answered: Are PHRs covered by HIPAA? Sometimes–yes when furnished by covered entity or provided on behalf of covered entity.
Loretta Garrison, JD, Senior Attorney, Bureau of Consumer Protection, FTC uses unfairness and deceptive prongs to protect consumers. Bureau is claims driven. On December 1, 2010, FTC issued Privacy Report and recommended a privacy framework for consumers, businesses, and policymakers.
Here’s the link on press release.
Here’s link to actual report titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.” And it’s a preliminary FTC staff report.
Joanne McNabb, Chief, California Office of Privacy Protection, is “chief cajoler” and not a regulator.
Greene spoke about how HIPAA requirements are not really a check list but dependent upon the particular circumstances and business processes. Greene also wanted to disabuse people of the notion that they have 60 days to report a breach event of Protected Health Information (PHI). In fact, they are required to notify HHS of a breach on 500 individuals or more as quickly as possible, no later than 60 days.
FTC does not have specific rules about breach notification, except in case of PHRs, based on HITECH.
McNabb spoke of prohibition of marketing from data in PHRs, and also be careful about using mobile devices to move PHI. California’s Privacy office Web site is http://www.privacyprotection.ca.gov/
Garrison said we heard alot about trust today and trustworthiness. Per Ponemon report on security, that there was not enough support for healthcare privacy and issues in hospitals. Security is not a check list; it’s an ongoing process according to Garrison. Garrison also expressed concern about location of PHI on the 18 of 20 PHRs that had gone out of business since John Moore had studied them.
Second subpanel section
New group of panelists consists of three lawyers and law professors.
Robert Hudock, JD, Counsel, EpsteinBeckerGreen sees keysecurity issue is integrity. Sees smart phones as more secure than computers. Suggests that we let mobile devices and security evolve, and don’t restrict it while still developing. Hudock’s biggest privacy issue is for the average person being able to protect the confidentiality of family’s information.
Frank Pasquale, JD, Schering-Plough Professor in Healthcare Regulation and Enforcement, Seton Hall Law School, lauded Markle Foundation’s emphasis on identification of versioning. There are many issues around research. He really worries when data is collected from various sources, and the digital self created from those sources. Pasquale identified several technological solutions and books.
Nicholas Terry, Chester A. Myers Professor of Law, Saint Louis University School of Law, asked what we mean by security. Data scraping is one of the issues of great concern to him. Trust is big at moment, but Terry said he doesn’t know what trust means.
Session ended with brief period with public comments.
Morning Session: Morning session video
Afternoon Session: Afternoon session video
*Please note: Apple QuickTime is required to view the video. To download and install QuickTime, visit www.apple.com/quicktime/download
For PHR Roundtable information on ONC site, click here.