Presentation is loading. Please wait.

Presentation is loading. Please wait.

Health Record Banks Enable Secondary Data Use with Privacy Protection William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance William A.

Published byCoral Stephanie Riley Modified over 9 years ago

Similar presentations

Presentation on theme: "Health Record Banks Enable Secondary Data Use with Privacy Protection William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance William A."— Presentation transcript:

1 Health Record Banks Enable Secondary Data Use with Privacy Protection William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance NCVHS Secondary Data Uses Work Group Hyattsville, MD July 19, 2007 © 2007

2 2 2 Health Record Banking Alliance n Virginia non-profit formed 6/06; first met 9/06 n Purpose: promote the concept of health record banks: l Consumer-controlled independent repositories of health records n Broad participation, no formal membership l HIT vendors & organizations l Health record bank organizations l Consultants (HIT & health policy) l Privacy advocates l 100+ on e-mail list n Monthly Meetings n Draft principles developed & posted on web n Virginia non-profit formed 6/06; first met 9/06 n Purpose: promote the concept of health record banks: l Consumer-controlled independent repositories of health records n Broad participation, no formal membership l HIT vendors & organizations l Health record bank organizations l Consultants (HIT & health policy) l Privacy advocates l 100+ on e-mail list n Monthly Meetings n Draft principles developed & posted on web

3 3 3 © 2007 1. Policies Needed to Achieve Effective Secondary Data Use n Strong public support of secondary use l 81% support use of electronic health records for research [Markle Foundation 9/05] But public also wants control of their information [Harris Interactive/WSJ 9/06] 64% of adults said they would like to have access to an electronic medical record (EMR) to capture medical information 62% agree that "electronic medical record use makes it more difficult to ensure patient privacy.” n Strong public support of secondary use l 81% support use of electronic health records for research [Markle Foundation 9/05] But public also wants control of their information [Harris Interactive/WSJ 9/06] 64% of adults said they would like to have access to an electronic medical record (EMR) to capture medical information 62% agree that "electronic medical record use makes it more difficult to ensure patient privacy.”

4 4 4 © 2007 1. Policies Needed for Secondary Data Use (cont.) n Policies needed: l Individual right to medical privacy l Individual may own a complete copy of all their medical records l Individual controls ALL use of their medical information l Consent required for any use – May be provided in advance – May be granted for person, organization, specific study, etc. – Specific to single purpose only n Policies needed: l Individual right to medical privacy l Individual may own a complete copy of all their medical records l Individual controls ALL use of their medical information l Consent required for any use – May be provided in advance – May be granted for person, organization, specific study, etc. – Specific to single purpose only

5 5 5 © 2007 2. Adequacy of Privacy Protection Under Current Law n HIPAA regulations are inadequate l Treatment, payment, operations (TPO) exceptions seem reasonable l However TPO determination is done by organization that has data l No disclosure, reporting, or effective oversight l Not consistent with Fair Information Practices (HHS, 1973) n No technical reason why individual consent cannot be obtained n HIPAA regulations are inadequate l Treatment, payment, operations (TPO) exceptions seem reasonable l However TPO determination is done by organization that has data l No disclosure, reporting, or effective oversight l Not consistent with Fair Information Practices (HHS, 1973) n No technical reason why individual consent cannot be obtained

6 6 6 © 2007 3. Uses of Health Data with Insufficient Protection n All uses have insufficient protection because HIPAA is inadequate n No disclosure of specific uses n Individuals cannot opt out of use of their information n Individuals cannot find out what their information is used n Individuals cannot prevent their information from being used against them n “De-identification” is virtually never absolute -- data can usually be re-identified n Violates Hippocratic Oath n All uses have insufficient protection because HIPAA is inadequate n No disclosure of specific uses n Individuals cannot opt out of use of their information n Individuals cannot find out what their information is used n Individuals cannot prevent their information from being used against them n “De-identification” is virtually never absolute -- data can usually be re-identified n Violates Hippocratic Oath

7 7 7 © 2007 4. Other NHIN-related health information use issues n Requirements for Community Health Information Infrastructure n Health Record Banking Model n Secondary Use Implications n Policy Recommendations n Requirements for Community Health Information Infrastructure n Health Record Banking Model n Secondary Use Implications n Policy Recommendations

8 8 8 © 2007 Complete Electronic Patient Information Stakeholder cooperation Financial Sustainability Public Trust Components of a Community Health Information Infrastructure

9 9 9 © 2007 Complete Electronic Patient Information n Most information is already electronic: Labs, Medications, Images, Hospital Records n Outpatient records are mostly paper l Only 10-15% of physicians have EHRs l Business case for outpatient EHRs weak n For outpatient information to be electronic, need financial incentives to ensure that physicians acquire and use EHRs n Requirement #1: Financial incentives to create good business case for outpatient EHRs

10 10 © 2007 Complete Electronic Patient Information n Need single access point for electronic information n Option 1: Gather data when needed (scattered model) l Pro: 1) data stays in current location; 2) no duplication of storage l Con: 1) all systems must be available for query 24/7/365; 2) each system incurs added costs of queries (initial & ongoing); 3) slow response time; 4) searching not practical; 5) huge interoperability challenge (entire U.S.); 6) records only complete if every possible data source is operational

11 11 © 2007 Complete Electronic Patient Information n Need single access point for electronic information n Option 2: Central repository l Pro: fast response time, no interoperability between communities, easy searching, reliability depends only on central system, security can be controlled in one location, completeness of record assured, low cost l Con: public trust challenging, duplicate storage (but storage is inexpensive)

12 12 © 2007 Complete Electronic Patient Information n Need single access point for electronic information n Requirement #2: Central repository for storage

13 13 © 2007 n Voluntary Impractical n Financial incentives l Where find $$$$$? n Mandates l New Impractical l Existing – HIPAA requires information to be provided on patient request n Requirement #3: Patients must request their own information Stakeholder cooperation

14 14 © 2007 n Funding options l Government – Federal: unlikely – State: unlikely – Startup funds at best l Healthcare Stakeholders – Paid for giving care – New investments or transaction costs difficult l Payers/Purchasers – Skeptical about benefits – Free rider/first mover effects l Consumers – 72% support electronic records – 52% willing to pay >=$5/month n Requirement #4: Solution must appeal to consumers so they will pay Financial Sustainability

15 15 © 2007 A.Public Trust = Patient Control of Information n Requirement #5: Patients must control all access to their information Public Trust

16 16 © 2007 B.Trusted Institution  Via regulation (like banks) impractical ??  Self-regulated  Community-owned non-profit  Board with all key stakeholders  Independent privacy oversight  Open & transparent  Requirement #6: Governing institution must be self-regulating community- owned non-profit Public Trust

17 17 © 2007 C.Trustworthy Technical Architecture  Prevent large-scale information loss  Searchable database offline  Carefully screen all employees  Prevent inappropriate access to individual records  State-of-the-art computer security  Strong authentication  No searching capability  Secure operating system  Easier to secure central repository: efforts focus on one place  Requirement #7: Technical architecture must prevent information loss and misuse Public Trust

18 18 © 2007 Health Record Banking Model n All information for a patient stored in Health Record Bank (HRB) account n Patient (or designee) controls all access to account information [copies of original records held elsewhere] n Each HRB has three interfaces: l Withdrawal window - record access l Deposit window - receives new info l Search window - authorized requests n When care received, new records sent to HRB for deposit in patient’s account n All data sources contribute at patient request (per HIPAA) n All information for a patient stored in Health Record Bank (HRB) account n Patient (or designee) controls all access to account information [copies of original records held elsewhere] n Each HRB has three interfaces: l Withdrawal window - record access l Deposit window - receives new info l Search window - authorized requests n When care received, new records sent to HRB for deposit in patient’s account n All data sources contribute at patient request (per HIPAA)

19 19 © 2007 Clinical Encounter Health Record Bank Clinician EHR System Encounter Data Entered in EHR Encounter data sent to Health Record Bank Patient Permission? NO DATA NOT SENT Clinician Inquiry Patient data delivered to Clinician YES Optional payment Clinician’s Bank Secure patient health data files Health Record Banking

20 20 © 2007 Secondary Use Implications n Privacy is protected through consumer control l Each consumer customizes their own privacy policy n Health record banks facilitate secondary use l Searches over populations easy – Not necessary to release data – Counts of matches with demographics normally sufficient – Eliminates issues of “de-identification” and reuse l Can combine searches over multiple banks l Banks can notify individuals without knowledge of searchers (e.g. for clinical trial recruitment, drug withdrawal from market) l Banks collect fees to share with consumers n Privacy is protected through consumer control l Each consumer customizes their own privacy policy n Health record banks facilitate secondary use l Searches over populations easy – Not necessary to release data – Counts of matches with demographics normally sufficient – Eliminates issues of “de-identification” and reuse l Can combine searches over multiple banks l Banks can notify individuals without knowledge of searchers (e.g. for clinical trial recruitment, drug withdrawal from market) l Banks collect fees to share with consumers

21 21 © 2007 Policy Recommendations (1 of 2) 1. Consumer has complete legal ownership and control of health record bank information l No exceptions needed as copies of information are elsewhere l Information protected from – Change in ownership – Failure of customer payment – Bankruptcy l Consent for single-purpose access only l No coerced consent 2. All holders of electronic medical information required to provide it within 24 hours of creation at no charge (on patient request) 1. Consumer has complete legal ownership and control of health record bank information l No exceptions needed as copies of information are elsewhere l Information protected from – Change in ownership – Failure of customer payment – Bankruptcy l Consent for single-purpose access only l No coerced consent 2. All holders of electronic medical information required to provide it within 24 hours of creation at no charge (on patient request)

22 22 © 2007 Policy Recommendations (2 of 2) 3. Include health record banks as covered entities under HIPAA l Cover personal health information in all locations 4. Require independent privacy & confidentiality audits of health record banks l Certification of auditing entities l Public disclosure of audits 5. Require security procedures sufficient to enforce privacy & confidentiality policies 3. Include health record banks as covered entities under HIPAA l Cover personal health information in all locations 4. Require independent privacy & confidentiality audits of health record banks l Certification of auditing entities l Public disclosure of audits 5. Require security procedures sufficient to enforce privacy & confidentiality policies

23 23 © 2007 Questions? William A. Yasnoff, MD, PhD, FACMI william.yasnoff@healthbanking.org 703/527-5678 For more information: www.healthbanking.org www.yasnoff.com

Download ppt "Health Record Banks Enable Secondary Data Use with Privacy Protection William A. Yasnoff, MD, PhD, FACMI CEO, Health Record Banking Alliance William A."

Similar presentations

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Are you ready for HIPPO??? Welcome to HIPAA

Are you ready for HIPPO??? Welcome to HIPAA
NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Rationale for Independent Health Record Banks William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors William A. Yasnoff, MD, PhD, FACMI Managing.

Rationale for Independent Health Record Banks William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors William A. Yasnoff, MD, PhD, FACMI Managing.
Health Record Banks: A Financially Sustainable Model for Health Information Exchange William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.

Health Record Banks: A Financially Sustainable Model for Health Information Exchange William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.
Edward H. Shortliffe, MD, PhD Chairman, Advisory Board Health Record Banking Alliance (HRBA) www.healthbanking.org Panel on Privacy - III Defragmenting.

Edward H. Shortliffe, MD, PhD Chairman, Advisory Board Health Record Banking Alliance (HRBA) Panel on Privacy - III Defragmenting.
Software Certification for Electronic Health Records: The Certification Commission for Healthcare Information Technology (CCHIT) James J. Cimino, M.D.

Software Certification for Electronic Health Records: The Certification Commission for Healthcare Information Technology (CCHIT) James J. Cimino, M.D.
A New Patient-centric and Sustainable Path to Achieving Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.

A New Patient-centric and Sustainable Path to Achieving Health Information Infrastructure William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
AHCCCS/ASU Clinical Data Project March 17 th, 2009 Arizona Health Care Cost Containment Health System Medicaid Transformation Grant Program.

AHCCCS/ASU Clinical Data Project March 17 th, 2009 Arizona Health Care Cost Containment Health System Medicaid Transformation Grant Program.
Meaningful Use The Catalyst for Connected Health Sameer Bade Strategic Product Planner.

Meaningful Use The Catalyst for Connected Health Sameer Bade Strategic Product Planner.
Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.

Minnesota Law and Health Information Exchange Oversight Activities James I. Golden, PhD State Government Health IT Coordinator Director, Health Policy.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Health Information Technology: Where are the Opportunities? William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors Healthcare in 2009 New York,

Health Information Technology: Where are the Opportunities? William A. Yasnoff, MD, PhD, FACMI Managing Partner, NHII Advisors Healthcare in 2009 New York,

Similar presentations

Ads by Google