Her organization, Patient Privacy Rights, recently issued a white paper outlining an approach to giving patients opportunities to offer informed consent for accessing their records. In an interview (transcript below), Peel outlined the key points in the report, including:
- If patients aren't confident their information will remain private, they might avoid treatment or withhold important facts.
- Existing privacy enhancement technologies effectively enable patients to select what data they want to share with specific clinicians and organizations under what circumstances.
- Health record banks are the best solution for enabling the secure exchange of data because they enable patients to control access to all their records that are stored in one place.
The consumer advocate also says patient consent recommendations from a privacy and security tiger team advising government regulators "fall very short of what the public expects" because they inadequately spell out ways for patients to exert control over who accesses their information.
Peel is the founder of Patient Privacy Rights, a health privacy watchdog organization with 10,000 members. A practicing physician, Peel became active in privacy rights at the federal level in 1993. She advocated first as an individual and later on behalf of state and national medical specialty organizations for patient control of access to medical records. She has made presentations at national panels and Congressional briefings. She is the co-chair of the Committee on Government Relations and Insurance of the American Psychoanalytic Association.
HOWARD ANDERSON: Your organization recently released a new white paper making the case for patients to have full control over their personal health information. Please summarize why you believe that patients now have inadequate control of their records and what needs to change.
DEBORAH PEEL: Today, Americans have almost no control at all over what happens to electronic health information that is created about them, and this is really the fault of two things. The software that was put into healthcare was never designed to make sure that the patient is asked before someone sees the information. So instead of building systems that comply with our laws and our ethical rights, electronic health system designers just used kind of what they had off the shelf, and that has been really a disaster for medicine.
But the second part of it is the public hasn't been told that the HIPAA Privacy Rule was gutted in 2002 and it no longer protects privacy. The HIPAA Privacy Rule started out as a rule requiring your consent for the use of health information for most purposes -- treatment, payment and health care operations -- but in 2002 that right to get your consent was taken out of the rule. It now says that permission is given to covered entities to use and disclose your health information for treatment, payment and healthcare operations. The covered entities are everything from a solo doctor like me to Hospital Corporation of America to self-insured employers....What that means is your doctor or your hospital or even your employer --these are the people that make the decisions about if they need your information and if they can use it for treatment, for payment or healthcare operations. You don't decide anymore. In fact you can't.
So those are the reasons we don't have privacy anymore. And what we're facing right now is millions of dollars are being dumped into every state, billions around the nation to make sure that every doctor uses electronic health records and that they will be shared and disclosed through various kinds of data exchanges endlessly, again if we don't do this right without your consent.
ANDERSON: Speaking of data exchanges, a committee advising regulators on health information technology policies accepted a list of recommendations on patient consent issues prepared by a privacy and security "tiger team." The team called for the use of what is called, "meaningful consent" for the exchange of information. So what did you think of their recommendations?
PEEL: Their recommendations really fall very short of what the public expects. They were trying to find some way to put boundaries around these newly invented organizations called health information organizations, where there are essentially giant data banks pooled of everyone's information that all sorts of others can use for data exchange without your consent. They were trying to set some limits on organizations that are being set up to collect everyone's health information. They call the consent "meaningful," but the problem is what is meaningful to the average person is knowing that my information goes to a consulting doctor or to a hospital that I'm transferring to, or to an emergency room in Alaska where I happen to be on vacation, or to my insurance company for payment.
Americans are really familiar with having their health information go to someone they know, or some institution they know, for a single purpose. They have no idea about the kinds of things that are going to be done with their data that are now mandated by federal law. So we think that what the tiger team did was a very, very partial beginning toward restoring the type of control that has always been the basis of really the whole practice of medicine.
ANDERSON: What work remains to be done do you think?
PEEL: Well we don't think that this is ever going to work unless we take the ethics in the law that has enabled people to trust doctors for the 2,400 years since Hippocrates and we make sure that these new systems give us the same kinds of powers and control that we've had in paper systems. So we think that Congress is going to have to, at some point, restore our right of consent. They are going to have to fix the broken HIPAA privacy rule.
The other thing that we think is going to have to happen is that the various players in healthcare are going to have to step up and put patients at the center of the healthcare system. The new head of the Centers for Medicare & Medicaid Services, Don Berwick, has said that he believes that we really need to move toward a patient-centric system, particularly because of the ease of sharing, storing and collecting data electronically. So he says that he believes that records should belong to patients and even doctors should have to ask for them.
And not long ago, HHS Secretary Kathleen Sebelius announced an administration-wide change to put patients in control of who sees their information. And at the same press conference on July 8, David Blumenthal, director of the office for health information technology, seconded that, saying that they wanted patients to have maximal control over information. Why are these things happening? Because the people at the top are finally realizing that without privacy, people won't participate in these systems. They will avoid treatment. They'll leave information out. They'll even lie about information, they'll refuse to get tests.
Our message is: We have to build privacy in it first because it's a limiting condition. HHS' own figures show that 600,000 people a year today refuse to get early diagnosis and treatment for cancer. Why? Because they know the information won't stay private. Two million with mental illness refuse to get treatment. They know the information won't stay private. We really can't have systems that keep sick people out and cause us to have missing and incomplete data. We've got to go back to systems that work for patients, and we promote the privacy-enhancing technologies that are out there that have been working...and we need to put them into wide use.
So, we're recommending that everyone look at the video of the consumer choices technology hearing in Washington on June 29. You will see seven privacy-enhancing technologies demonstrated there, where you can see the consent systems up on the screen, systems for segmentation of data and so on. We can do this. We can do this right and we should do this now before the entire stimulus billions are blown.
ANDERSON: Along those lines, the tiger team in its recommendations said it was premature to give patients the opportunity to consent to sharing some, but not all, of their health information. They argue the technology for granting kind of what they called "granular consent" is relatively new and further pilot tests are needed. So what do you think?
PEEL: Well they are actually wrong. There has been a very effective system that enables the selective sharing of health information in use. It's open source and it's been operating for over 10 years in nine states, enabling the sharing the information for patients with mental illness or addiction conditions. The National Data Infrastructure Improvement Consortium has put together open source EHRs with great consent models that are now translated into HL7. They work fine. We have long recommended that this should be the minimum functionality for health data exchange in this nation in every state.
All 50 states have laws requiring extra protections for certain kinds of sensitive information. Protecting genetic, sexually transmitted diseases, mental health and addiction information is a federal law. So the idea that we can't do this, or these things don't work, is wrong. That federal law is why we already have great open source technologies that work. That can allow this kind of granular control for patients.
And if you have a tool that allows certain information to be held back, it could be whatever kind of information that is sensitive to the doctor. It might be the holding back of information about some conditions that people don't want to be widely known. It could be something like irritable bowel syndrome, or it could be about sexual dysfunctions. I mean there are a lot of things that are sensitive that aren't specifically protected in law, and people have always been able in the past to keep that information away. Why does your dentist need to know that you have marital problems? People have always sliced and diced who sees what information. It is reflected in our state laws and in federal law.
ANDERSON: In the white paper, you argue that patients should be offered a choice from among a set of privacy profiles or consent rules and that they should be given examples of how consent directives can be set up. Can you explain a little bit about how that would work?
PEEL: The future will be a place where each person sets their individual consents -- a series of broad directives and very specific directives, and then there will be things that aren't covered. We have to have one place where we set our consents and all those that hold data will have to automatically electronically check our rules before they do anything with our data. We have to have that. That's the future, because it is impossible to set up consents in multiple places....This way, whenever data holders check with us, the rules would be current. And because the holders of data check with us, we would automatically be able to have audit trails of who did what.
So as far as the consent directives, we envision people being able to set broad directives that reflect how they operate. You can slice and dice by directive who sees what and when. You could have directives about research. I'm very interested in being contacted for any research on juvenile onset diabetes, or I've met many parents with children who have a rare genetic disorder who know certain researchers in the field. They actually want to contribute their kid's information to a particular researcher. We should able to do that. We should be able to make directives that send our information to those that we know and want to have it for defined purposes for a limited time. That's the future. And the tools really exist to have those kinds of consents; we have to have the will to go there.
ANDERSON: Finally, you also advocate the use of health records banks as the best solution for enabling the secure exchange of data. Can you very briefly explain that model and why you think it is the best approach?
PEEL: It's the only way that patients can control the flow of information. You know, the idea of the health bank is it would be a non-profit and regulated so that it is a place where no one controls your health information but you. That's in contrast to health information organizations, which are the flipside of that...where you dump all your information in and they control it. We need one place where we can collect and safely store our health information that we control....The data mining industry doesn't want people to have consent, and so then to exchange data you have to get into some very strange and complex legal agreements for data sharing between so-called stakeholders.
The point of the health bank and the point of putting patients in control of data is that all the obstacles go away. You simply ask me if you can use my information for a purpose and electronically, automatically my rules say yes or no, or I'm pinged on a cell phone or electronically to agree or not to what you want. Patients can make the data flow. There are no legal barriers. It's our information to control. The simplest way for health information to go where it's needed at the time it's needed and the place that it's needed is by asking me. So a health bank would enable that. If I'm unconscious in Alaska, I could have a standing directive that for emergencies my health bank account will release whatever information the American College of Emergency Physicians recommends or whatever that specific doctor wants.
So the health bank, because we can collect the data about ourselves, would be the most current, complete record, bar none. It would be the most useful for treatment, and because we see the information, we can correct all of the wrong things and end up in health records. We really need to have one place where there is an accurate, complete copy of information. It should be under control of the patient.
And the other thing is, with the health bank, we could have far richer data about ourselves than any hospital or doctor would ever want to keep up with. So what I'm talking about is, data on exercise, occupations, environmental risk. But imagine if we had a database that had far richer than just simply traditional medical information for research. Maybe then, combined with genetics, we could actually understand the environmental causes or contributions to breast cancer.
The other beauty about using a health data bank as a place to do research and as the place from which to send and disclose data is if researchers have queries, instead of us sending all of our data to all of these researchers to lose it on laptops or whatever around the world, the research queries could be run on the data in the bank, not sent out, and the answers could be given to the researchers. So most people would be very, very willing to participate in research without have to risk that their data is going to get hacked, lost, or misused by a whole new set of people that work at the research institute.
The health data bank would make a lot of sense because if it holds a lot of peoples' data, then the kinds of iron-clad security protections that are needed can be put in place. So structurally, architecturally, and with good technology we think health data banks really make the most sense.