Sunday, August 1, 2010

The EHR Circle of Trust

Every day millions of Americans and billions of people around the globe are routinely accepting colorful pieces of paper in return for their labor and placing those hard earned possessions in modern glass buildings whose owners they do not know. It took a few hundred years to change how business transactions are conducted, but today, there is very little apprehension about depositing one’s wealth in a bank. Public trust in both the government issued paper and the financial institution’s ability to safely store the increasingly virtual representation of buying power had to be painstakingly created and watchfully maintained.

When people, for one reason or another, lose trust in government paper or banks, the entire financial system fails miserably. Public trust is a prerequisite to any national monetary system and public trust is a very delicate thing. Nations create laws and regulations around financial institutions specifically aimed at building public trust. People have to trust that paper and its virtual counterpart can be exchanged for goods and they need to trust that banks, while safely storing their funds, will always make them available to their rightful owner on demand. Banks have a legal and fiduciary responsibility to take good care of your possessions, thus very few folks feel the need to store their family jewels in a strong box under their floor boards.

The fast approaching era of Health Information Technology (HIT) raises the same dilemma faced by our forefathers trying to decide if they should take their gold coins to the bank, or stuff them in a secret compartment of their jacket, or maybe bury them under the cowshed. We need to decide if we want to make our Electronic Health Record (EHR) part of a Health Information Exchange (HIE), or carry them with us on a USB stick, or just leave them locked up in our doctor’s office. There are obvious benefits and risks to each approach.

As long as banks were easily robbed on a daily basis, and as long as nobody guaranteed that your money was safe in a bank, and as long as you didn’t travel much, the cowshed was the best option. For the frequent traveler, the lovingly sown secret pocket was the optimal choice. When bank robberies disappeared from our daily experience and boats, railroads, automobiles and eventually airplanes transformed us all into a society of modern nomads, banks became the most practical choice, particularly since government insured our deposits were safe. Having a critical mass of citizens elect to store their wealth in banks allowed the economy to flourish. Millions of small personal fortunes aggregated together served as the engine by which banks fueled growth of businesses, which in turn created more and better paying jobs and ultimately added much value to those disparate small personal fortunes. Everybody benefited.

In 21st century America, most of us travel and change residence frequently. It would be nice to have our medical records be as portable as we are. Most of us use computers every day and couldn’t imagine life without the Internet. We also recognize the benefits of aggregating millions of data points to bring about more medical knowledge, better research and ultimately better health outcomes for everybody. So why is it that most people surveyed are as uncomfortable with EHR and HIE as Farmer John was with banks two hundred years ago?

In Health Care today we are at the “daily bank robbery” stage. It seems that every day another laptop loaded with clinical data is stolen, or a hospital computer system is breached. On top of that there is very little government assurance (HIPAA) that those holding our medical records should act responsibly and not use our personal records for “getting rich quickly” schemes while possibly inconveniencing, or even harming, us in the process. So before Farmer John can bring himself to deposit his medical records with an HIE, he needs evidence that not every fifteen year old with a gun (hacker) can easily avail himself of any records he chooses to have. Security of electronic medical information must be of Fort Knox quality. This is not currently the case when all sorts of unencrypted laptops and portable storage devices are floating around in employees’ cars and homes, and most hospitals and clinics have nothing in place even remotely resembling the security of financial systems.

When you deposit your valuables in a bank safety deposit box, banks are prohibited from peeking into your box, making lists of your possessions and sharing that information, unless required by law. When it comes to medical records, aggregators may hire a person familiar with statistics to attest that sufficient data elements were removed from personal records before a sale of information takes place, so only a “very small” risk of identifying the owner remains (HIPAA § 164.514), and there is no requirement for public disclosure of these shady transactions. EHR data sets are very rich with personal, not just medical, information and are worth many billions of dollars. Selling records to marketers, employers, “wellness companies”, insurers, pharmaceutical and device corporations should be explicitly prohibited by enforceable legislation. Aggregators of medical records should be allowed to modestly profit from supplying data to non-profit research institutions, and just like banks pay interest to those facilitating bank profits, medical records aggregators should share profits with Farmer John, either directly or by reimbursing providers for electronic data collection. And no, free software is not nearly enough compensation. Furthermore, any and all dealings and data exchanges should be fully transparent to the customer who chooses to deposit records with a particular aggregator. If Farmer John does not approve of an HIE’s policies and transactions, he should have the ability to take his medical records elsewhere. We need to know that our records are properly guarded and that we are the ultimate decision makers when it comes to their utilization. Public trust will follow.

Trust is not built in a day and trust is not created in complete darkness and trust will not come about without concrete evidence that trust is possible. Asking people to trust their life records to an unnamed chain of software vendors operating with no legally enforceable regulations, while the headline news are chockfull of medical records robbery announcements, is very similar to Jesse James requesting Farmer John to deposit his life savings at the rickety bank he is about to rob. Talk is cheap and Americans are smarter than that.  Like Jesse James, I am from Missouri, so “Show Me” trustworthy conduct and I will trust.


  1. having health care nowadays are for me important. people should also take notice of ones health. we never know what will happen to us in our everyday living.

  2. What Farmer John should also be looking into is whether his state has an opt-in or opt-out policy. It's too bad ONC gave away that responsibility to each state to figure out:
    Statistical chance that the state with the poorest funding will be the first breach of citizen trust.

  3. Great article Faisal.
    50 privacy policies are going to make very interesting reading. And what happens when your data goes across state line for a consultation for example, or a BA? Is it fair game once the HIE, or BA gets it, or do they have to adhere to the original State policy?...and after a couple more hops nobody will know where is what...

  4. Very true metaphor; I compared banking and HIT just today, albeit in relationship to cyberscams. Trust is certainly the name of the game: without it, all the stimulus dollars in the world won't convince providers or patients.

    My added thanks to Faisal for the information on the state-by-state policy. That's going to be rather confusing, and I'd bet will eventually wind up in a court room.

  5. [double comment apology]
    Just saw this article over on trust as applied to banking and politics, but it's very germane to the points you brought up Margalit. Here's a dousy of a quote: "Trusting people we know very little is both inevitable and dangerous. We vote for politicians we scarcely know because we think we know their parties better than we know the individuals. We give our savings to people we scarcely know because we think we know the banks that employ them. But the institutions – parties, banks, firms – are only as reliable as the links between the individuals who make them up." It think you could add health care and doctors in that paragraph just fine.

  6. This Privacy and also Security issue is not a simple thing. I am glad ONC and HHS recognize that and I hope a good solution can be reached, but I think it will take some time. Trust takes time....

  7. Whether intentional or not, you did a fantastic job drawing a distinction between interpersonal trust and impersonal or system trust, both of which are essential if the health care system is to succeed with health IT. Privacy and security can only take you so far (and precious few of the routine breaches these days have anything to do with technical security anyway), and national or state health policy and regulations can't overcome perceived deficiencies or lack of trustworthiness by consumers, so everyone has their role to play here if the health system hopes to enjoy the level of public trust we see in the banking industry. I had lots more to say prompted by your thoughts...