Embedding Privacy in EHRs
Presidential Council Calls for 'Universal Exchange Language'The President's Council of Advisors on Science and Technology recommends in its new report that use of a new standard, built on extensible markup language, be a requirement for participating in future stages of the HITECH Act electronic health record incentive program.
"Achieving the full potential of health information technology will require the development and adoption of a robust information-sharing infrastructure to facilitate the exchange of data among institutions," the council said. Such an infrastructure would "allow health data to follow patients wherever they are, with appropriate privacy protection and patient control, while giving patients' various doctors a more complete picture of those patients' medical conditions and needs."
Call for Federal Action
The 108-page report states that the technology to create the infrastructure and exchange language exists, "but since the development of those systems is not likely to be a profitable venture in itself, the federal government should facilitate their creation and then leave the private sector to develop products that build on them."As a result, the council calls on two units of the Department of Health and Human Services -- the Office of the National Coordinator for Health Information Technology and the Centers for Medicare & Medicaid Services - to develop guidelines to spur adoption of an exchange language in conjunction with electronic health records.
The ONC is seeking comments on the report as it begins to prepare requirements for Stage 2 of the Medicare and Medicaid electronic health record incentive payment program, which starts in 2013. Requirements for Stage 1, which starts in 2011, are already in place.
Use With Existing EHRs
A universal exchange language would enable a movement from today's electronic health records "to a more medically useful and secure system in which individual bits of healthcare data are tagged with privacy and security specifications," the council said. The advisory body, however, stressed that healthcare organizations would not have to replace their EHR systems because they could be made compatible with the new language through middleware.The best way to manage and store data for advanced data-analytical techniques, according to the report, is to break them down into the smallest individual pieces that make sense for data exchange or aggregation. These "tagged data elements" pair data with a mandatory "metadata tag" that describes, among other things, the required security and privacy protections, according to the council.
"A key advantage of the tagged data element approach is that it allows a more sophisticated privacy model -- one in which privacy rules, policies and applicable patient preferences are innately bound to each separate tagged data element and are enforced both by technology and by the law," the council said. For example, a system that incorporates a universal exchange language could make it clear that a patient has requested that certain portions of her record should not be shared with certain clinicians.
"Addressing a widespread privacy concern, such a system would not require the creation or assignment of universal patient identifiers, nor would it require the creation of any centralized federal database of patients' health information," the council noted.