HIT Think

Why information blocking, set as an access or privacy issue, is a false juxtaposition

Register now

As the healthcare industry awaits a final rule on information blocking and enabling easier access to data by individuals, divisions are becoming more apparent between patients and individuals on the one hand and some portions of the healthcare industry on the other hand.

The divide is posited as one of access or maintaining privacy, but that juxtaposition is not really accurate.

Why can privacy not be protected as access increases? From one perspective, that argument imposes one interpretation of privacy as each individual may have their own view and appreciation for what privacy entails. The argument also presupposes that individuals will not make “good” choices on the handling of their own sensitive information, which invokes a fairly paternalistic viewpoint. Further, if all know that access will become easier, then there should also be a push to enhance standards for protecting data during transfer and during storage.

The debate is reaching a flashpoint following a report that the CEO of Epic, one of the biggest electronic medical record vendors, sent a letter to the CEOs of healthcare systems urging opposition to the information blocking rule and a push to require “better” privacy protections. The letter suggests that patients can already access and transmit their own data, implicitly saying that no change is needed.

Another implication of the letter is that the rule would undermine the role of EMR companies and healthcare delivery organizations since individuals would have unfettered access to their own data and would be sending the data all over the place.

The arguments ignore the reality that many patients face. First of all, access remains a problem. A right of access is already included within the HIPAA Privacy Rule, but compliance remains inconsistent at best. It is often stated that complaints around the right of access form the plurality if not the majority of complaints under HIPAA received by the Office for Civil Rights each year.

If access were as easy as suggested, then it would not have been necessary for OCR to begin making examples of organizations through the imposition of fines under HIPAA (two such fines were announced toward the end of 2019). The settlements really only reveal the tip of the iceberg, too. Stories and experiences shared on social media and other venues show that individuals can be put on a never-ending quest just to get information about themselves.

Why? Answering that question is not easy. Maybe a historical answer would have been that the doctor knows best or, from a business perspective, it was easier to keep an individual “within the system” if all of that individual’s data were kept in the same place.

That world no longer exists. Now, the best argument may be that the world economy has become one premised upon the value of data. The more data that are held, the more potential for monetization, analysis and more. A “free” release of data undercuts that position and weakens the value of the data that are retained. As such, if access can be complicated to such a degree that most people would give up in frustration, then the value of the data can be preserved.

The second major issue with the Epic letter is the desire to preserve some arguably artificial spot in the industry. Holding onto a static position is not often a good argument to resist change. Resisting change from such a basis can serve to hasten a fall or make the eventual fall that much more drastic. Instead of resistance, change should be viewed as an opportunity to grow and innovate.

A lot of newer companies are seeing the world through this lens. Rights of individuals are being promoted and enhanced. Instead of trying to deny access to data or holding onto the data for their own purposes, companies are actively working with individuals to spread access, which in turn empowers individuals. If individuals are empowered and working in conjunction with a company, then both can benefit.

The concept of individual empowerment taps into another shifting dynamic within healthcare, namely the role that everyone, which means clinicians, patients, care delivery organizations and others, need to take.

The movement to value-based care, whether clearly acknowledged or not, requires everyone to be invested in changing. If only one or two parties seek to change, then failure is much more likely.

For example, what happens if an insurance company pays a clinician based on quality measures, which are driven by changes in patient outcomes? The insurance company will only look at hard data. At the same time, the clinician can recommend all appropriate actions and options to a patient, but if the patient chooses not to do anything, then only the clinician suffers the consequences. In that example, the patient was left out of the transition to value-based care.

How can an individual be brought more directly into the discussion? Aside from including them in the financial discussions, opening access to data and driving a better collaboration can be eye-opening. If an individual can see, track, manage or otherwise interact with their own data, then different understandings can arise.

Additionally, if data are going to individuals, then means of bringing in additional data generated by the individual outside of the traditional healthcare setting also becomes more possible and beneficial. Such a snowball effect is a possibility, although admittedly not without challenges. While challenges do and will exist, why should that outcome not be given a chance to exist?

All of these discussions then come back to increasing access to data, but doing so in an informed and considerate manner. A thoughtful approach can build privacy into the process in a way that does not obstruct but enhances the process.

Further, limitations of existing laws, namely HIPAA, are being highlighted by these changes. If that is the case, then maybe it is time for a change. States seem to be acknowledging that reality, but a fragmented approach that could potentially result in 50 or more compliance paths to tread brings a high likelihood of frustration.

The current state cannot remain, but the future is not completely set yet either. Now is an opportunity to collaborate and coordinate among all stakeholders. Formerly entrenched positions can be dug up and divides crossed. Fighting between interests will not help anyone. Ideally, open dialogue will occur that moves toward an end result that brings all invested parties together.

For reprint and licensing requests for this article, click here.