Secure Records Access: A New ApproachNew York HIE to Take a Lead Role
New York's statewide health information exchange will soon enable patients to securely access their own records from different clinicians via one portal, says HIE leader David Whitlinger.
The Statewide Health Information Network of New York aggregates patient records from 80 percent of the hospitals in the state, as well as many primary care and specialty physicians. SHIN-NY will be one of the first HIEs in the country to offer patients access to their records from multiple healthcare providers via a portal, which will tested this fall and fully implemented early next year
"To a large degree, the patient hasn't had access to their records," says Whitlinger, executive director at the New York eHealth Collaborative, which oversees SHIN-NY. "It's a very significant step forward in that this portal gives patients access to their records the same way that any clinician in the community has access," he says in an interview with HealthcareInfoSecurity (transcript below).
Patients will be given the ability to see audit logs to know who has been viewing their records. "These are the first key characteristics that patients are really excited about - having this level of transparency and access," Whitlinger says.
Under Stage 2, healthcare providers must offer patients a way to securely access, download and transmit their health information. Many hospitals and physician group practices will create their own patient portals to provide records access. But the New York HIE's portal will offer a way for patients to gain access to their records from numerous providers, perhaps sparing them a visit to multiple portals.
In the interview, Whitlinger discusses:
- The portal's patient credentialing and authentication process, including use of two-factor authentication;
- How health data will be protected during patient access, download and transmission;
- What he sees as the biggest privacy and security challenges involved with patient portals.
As executive director at NYeC, Whitlinger leads the organization's HIE-related efforts and its work as a regional extension center assisting healthcare providers making the shift to EHRs. Previously, Whitlinger was director of healthcare device standards and interoperability for Intel in its digital health group. He also led the Continua Health Alliance, focused on establishing an ecosystem of interoperable, personal telehealth systems.
MARIANNE KOLBASUK MCGEE: Please tell us briefly about NYeC's plans for a patient portal. For instance, when will it become available to patients? How will it connect to New York's statewide health information exchange? How common is it for health information exchanges to provide patients with access to their records?
DAVID WHITLINGER: As you may know, we've been building the Statewide Health Information Network of New York, or SHIN-NY, for a number of years now. The SHIN-NY platform that we've been building really represents a large number of patient records as it's aggregating these records from all of the different providers who are connected to the network - 80 percent of the hospitals, an increasing number of primary and specialty care. We're starting to get a very, very rich number of records from across the community.
The platform itself, in addition to having all of those clinical records, also has the policies of access to records embodied in it. This is the patient's right to control who has access to the records, and the patient then can use the platform to specify which providers can use the records.
Lastly, we have a programmatic interface, an ability to build software applications against this platform. With this patient portal ... [we'll offer] the ability for a patient to access all of that clinical information. It's not in a separate system. It's the SHIN-NY network itself and it's giving patients access to their records just like all of the other clinicians have access to their records.
Meeting Stage 2 Requirements
MCGEE: How will the portal help healthcare providers meet patient engagement requirements of the HITECH Act Stage 2?
WHITLINGER: As you know, the meaningful use Stage 2 providers now need to give patients access to their records. As many providers have determined, that may or may not be of high value if that portal is simply attached to their own single EHR, because that's just a small slice of a patient's full clinical records, particularly if the patient sees many providers. If they are one of the people ... seeing a lot of providers simultaneously, each of those might have an individual patient portal, and that might create more complexity for the patient to understand their health records and their health conditions than creating an easier access.
What we've put together here is that if all of the records are available through the network and then there's one place for the patient to go through that portal, then that's a better patient experience. It achieves what the ONC [Office of the National Coordinator for Health IT] and what CMS are trying to accomplish with regards to patient engagement and patient access. Collectively, what we've been able to work out with the ONC is that anybody who's connected to the network and exposing records such that they're available through our patient portal will get credit for any of the patients that access the portal. In essence, the 5-percent mark of a percentage of patients who you must be accessing records [under HITECH stage 2] is easily achievable because we're using it as an aggregate; it's all of the patients that access any one record that contributes to all providers' 5 percent. It's a win-win across the board.
MCGEE: What kinds of data will patients be able to access through the portal?
WHITLINGER: It's all of the records that are available from the interfaces that have been connected to the EHRs ... That's a mix bag because, in some case, we have more antiquated EHRs that perhaps were connected to the network prior to meaningful use. The types and volume of data that they're contributing are a little bit less than a more robust product that's fully up to meaningful use Stage 2 criteria and certification. But they're things like labs and medication lists and records from individual providers, including notes. It can be a very robust set of data and, increasingly, as the healthcare community upgrades their products, over time that richness of data will increase as well.
MCGEE: How will patients be credentialed and authenticated to use the portal?
WHITLINGER: You can look at this in much the same way as the banking community has created online credentialing for that very sensitive information. At the outset, a patient will be required to go through an authentication process, an initial setup process that uses a very similar mechanism that's used by the credit bureaus in order to determine you are who you say you are. There's enough historical information and questions that you have to answer that only you would know the answer to in order to set up an account online. If for some reason it can't be determined because there's insufficient information, then it might have to be done in person.
From there, you have an account set-up and it has a very strong password, and if you believe that your health information is sensitive enough, it can also have two forms of authentication, or what's known as a second factor. That might be in the form of a PIN number that's only produced through a cell phone or similar mechanism when you actually log in. The authentication after you've proven who you are and set up your account can either be strong or extremely strong, if you believe that you want that to be on top of your login.
Accessing Data on Patient's Behalf
MCGEE: Can patients designate others to access their records on their behalf?
WHITLINGER: Initially, no. We're only giving patients access to their own records, but that's very much where we'd like to get to next year as we start to do that proxy. That might be for parents that are proxy to their children's records, or for adults to have proxy to their parents' records in order to provide the best possible opportunity for care management.
Securing Patient Data
MCGEE: How will patient data be secured as it's viewed, downloaded and transmitted?
WHITLINGER: As it's viewed through a clinical viewer or the portal itself, that has all of the same mechanisms that you can imagine with online banking. It clears all of the caches ... such that there's no memory of that information in the system that's accessing it. It is simply looking into the network, viewing the information and then destroying that view of information after the individual logs out.
Downloading and Transmitting Data
MCGEE: Will patients be able to download and transmit that data, and if so how will that be secured?
WHITLINGER: There will be the opportunity to download the information, so to speak, in the same way that the federal government is promoting the Blue Button technology. This is the ability for clicking on a button on the portal and then it gives you the opportunity to download your record either as a PDF or in what's known as a machine-readable format. That's the standard that's used in healthcare IT these days for moving records around. Either one of those will be possible for download. Then, the patient is taking on the responsibility for managing that record themselves. They now have their own copy. If they're unfortunately careless with it, that could lead to trouble. But they have downloaded that version of it or a copy of it and so they're taking the responsibility for managing it.
Requesting Changes or Amendments
MCGEE: Will patients be able to request changes or amendments to their health information through the portal? If so, how will that be handled?
WHITLINGER: It's a very interesting question. We're not looking to allow for a two-way communication to be between the provider and the patient through this portal immediately, although that will be something that transpires over time. We're hearing more and more about how providers are interested to see what patients do with this information and how it affects their care. At times, we do expect the patients will be going back directly to providers and commenting on inaccuracies of the record or perhaps clarifications if for some reason the patient doesn't think that these records represent their healthcare.
Top Privacy, Security Challenges
MCGEE: What are the biggest privacy and security challenges involved with the patient portal so far, and how are you addressing those challenges?
WHITLINGER: It's very interesting because what we hear repeatedly in all of our conversations around privacy and security is less about what are you doing to protect me, but more about what are you doing to give me access and give me transparency to the system.
If you think about it, to a large degree, the patient hasn't had access to their records and they don't have access to the same level of information in the same level of auditing that the provider community does today. It's a very significant step forward in that this portal gives patients access to their records the same way that any clinician in the community has access. Also, it gives access to the patients so they can see the audit logs to know who has accessed their records and who from the clinical community has seen their records. They can actually contemplate whether or not those clinicians appropriately accessed or did not appropriately access their records. Those are the first two key characteristics that patients are really excited about, having this level of transparency and access.
Beyond that, privacy and security seem to be very basic expectations that have already been in the past paved by the banking community. They do expect you to have the security and technical mechanisms in place to protect the information and encrypt the information as any robust healthcare IT environment should today.
MCGEE: When do you expect the portal to go live?
WHITLINGER: We'll start doing pilots in November and we'll be getting it certified such that it can be used for meaningful use Stage 2 by our provider community. There will be hundreds of patients by the end of the year. In Q1 of next year, we'll start a much more significant roll-out across the state.