Health data utilities offer chance to protect privacy, optimize health management
Amid an expected rise in foster care cases and growing health challenges, HDUs could enhance health data sharing, streamline care and bolster privacy.
Note: This article is part 2 of a 3-part series that takes a deep dive into HDUs. Continue exploring HDUs and how they can improve public health by bridging the data divide in part 3.
Foster care caseloads are expected to rise in both 2023 and 2024. Youth experiencing foster care face significantly higher rates of physical, mental and behavioral health obstacles, and, in Maryland alone, challenges meeting their behavioral health needs contribute to high emergency department wait times.
High turnover rates among case workers further compounds the extremely fragmented care they receive, as they are often shuffled from placement to placement, spanning different cities, counties and, in some areas, states. Without a consistent case worker, there’s often no one keeping track of the healthcare of these youths.
The state of Maryland found it difficult to track the mental and physical health needs of children in its care. In 2021, the state contracted with CRISP, Maryland’s state designated health information exchange, to collect comprehensive health information for children in state custody to better identify their health and wellness needs. The information is shared with the state medical director and approved clinicians, who use this data to ensure the right care is provided for the right children at the right time.
This type of data exchange is made possible through a health data utility (HDU), which leverages the existing infrastructure of the state’s health information exchange (HIE) to share clinical, community and public health data with state agencies, community partners, providers and payers for complex use cases, like care for children in foster care. The HDU connects clinical and public health data while appropriately protecting privacy and security of the data across settings — and that’s critical given that public health and human services agencies are governed by different regulations and infrastructure than clinical health systems.
Yet while states such as Maryland, West Virginia and Washington, DC, are leaning into HDU models to improve health for at-risk populations, HDUs have not yet taken off nationally. That’s a missed opportunity for states to more effectively address public health and population health while protecting the privacy of residents’ health information.
A coordinated approach is needed
HDUs sit at the intersection of public health and clinical care. They offer a highly secure infrastructure that solves the need for data interoperability across public, community and private settings.
Because privacy considerations are key to an HDU, they ensure only the designated people can see the data they are allowed to see — no matter where data are captured and shared. In the case example of foster care children, the HDU was set up to both protect the privacy of this vulnerable population while ensuring improved healthcare can be delivered by approved providers.
HDUs solve the need for data interoperability where information such as social determinants of health, which can impact as much as 80 percent of health outcomes, may be available to one entity but not another. For instance, data collected during clinical appointments with Medicaid pediatric asthma beneficiaries might point to circumstances that could complicate asthma management for a child. These might include the presence of mold in the child’s bedroom or lack of adult supervision to monitor the child’s use of an inhaler.
In Maryland, the state’s HDU sends referrals to local health departments when a child on Medicaid would benefit from a Medicaid-supported home visiting program to assist with asthma management. It’s an initiative that has increased enrollement in the program and home visits, which will ultimately improve health outcomes for these children and lead to reduced emergency department visits.
Without an HDU, health systems and other healthcare providers would likely need to enter into data use agreements with each entity that possesses the data needed to create a more complete picture of the individual’s whole-heath needs.
Public health officials face the same challenge: If a public health department wants to provide targeted outreach to people with specific health data characteristics, that department would need to enter into individual agreements with each clinic and social service agency that has access to this data to create this comprehensive view.
Adding to the complexity, many of the data points public health officials use to pinpoint a population’s needs are often not captured during clinical visits, but they might be collected via a community-based organization such as a local food pantry or community center. As a result, these data are not regulated by federal and state privacy laws, because only health data collected by healthcare providers are protected under HIPAA.
For-profit companies have assisted in the need to exchange data across settings to support improved coordination of care, but without federal and states laws to regulate the consent and exchange of this data, there’s justified concern data could be sold for myriad purposes such as marketing and data mining.
As a post-Roe environment has shown, patients and providers alike want to know where and with whom their data are being shared. Otherwise, they may block the sharing of any data, which puts public health and the most vulnerable populations at risk. We need a data infrastructure that can appropriately manage agile data privacy, consent and governance without turning off the sharing of all data.
A privacy-centric infrastructure for public health
Who will step up to solve the need for a more tightly coordinated — but privacy oriented — approach to public health?
Certainly, for-profit, private-sector companies recognize the value of bringing comprehensive health data together for a more complete picture of the health needs of individuals and populations. For-profit companies, however, are guided by the interests of shareholders — namely, profits — rather than the public interest. They aren’t bound by incentives to drive down complexities in the nation’s healthcare system, while also promoting privacy and equity in access to care.
States must take the lead in establishing the infrastructure to securely share data between public and clinical health entities to reduce risk for vulnerable populations. As Maryland’s experience with asthma and child welfare demonstrates, HDUs offer the right approach for states to mitigate data privacy concerns while protecting the health of those most in need of assistance.
Nichole Sweeney is general counsel and chief privacy officer for the Chesapeake Regional Information System for our Patients (CRISP). Marc Rabner, MD, MPH, is chief medical Officer at CRISP Shared Services.
Note: This article is part 2 of a 3-part series that takes a deep dive into HDUs. Continue exploring HDUs and how they can improve public health by bridging the data divide in part 3.