|
|
|
Index - Major Sections
Site Map
Product and Services _______________ Index - Same Level Subject
Index - Child Subjects |
Patient Confidentiality It seems that "Privacy" of healthcare data is the hot topic today. To make the public believe there are doing something; our legislative is busy passing privacy of information laws playing on the fears of the individuals, each trying to outdo the other. What is interesting is that the major promoter of this policy is not the individual but rather the provider themselves. In England, these Privacy laws have have made it almost impossible to implement a National Health System. The Federal and State government already collects Medicare data, drug purchases, immunizations, birth records, reportable disease databases, cancer registers, IRS (tax information on everything you do...including medical care deductions), social services data, any check your write over $10,000...and have you checked your credit rating lately? Pull us Amazon.com and they will not only tell you the last books that you purchased, but also the last book that you viewed. American Express (and others) will not only tell you what you purchased, where, and how much you paid, but they will also classify the purchase for you, and will have ran a "fraud" detection program that will predicate if you are who you say you are. The global retail chain, Wal-Mart, has the largest data-mining system in the world. Have you ever seen the satellites on top of their buildings..."Please beam up everything that I buy...please...so you can predict the store's inventory down to the product, color, style and when I am most likely to buy again and at what location in the store I will buy!" The U.S. Department of Labor and a web-based employment service Monster.com, entered into an agreement to merge public and private databases. These partners assumed that data mining might prove to be a valuable resource in the analysisand description of workforce trends! The federal government is developing/has a application that "will identify and track down suspected terrorists, and to predict their future behavior." And how will they identify these "terrorists"? Of course, by examination of every indivdual's data they can get their hands on. And do you really think that the e-prescribing of drugs that is "required" in many states is secure? You tell me the name of the drug that is being ordered and I will tell you the medical status of the individual that is ordering the drug! Today, Patients grant access to their health records every time they sign a waiver to the health insurer that then decides on the payment disposition to the doctor, pharmacy, or hospital. For the most part, the collection and organization of this data is completely legal. Some of the current privacy issues comes down to wither you want good healthcare or not. Since the government already has a vast amount of data on every one of us....why don't we use this data to do some good? It is this author's belief that there is an even greater rule of life. Every Individual has an "overwhelming" right to be as free from disease as possible. The Declaration of Alma-Ata defines health as: a state of complete physical, mental and social wellbeing, and not merely the absence of disease or infirmity, is a fundamental human right and that the attainment of the highest possible level of health is a most important world-wide social goal whose realization requires the action of many other social and economic sectors in addition to the health sector. No individual could be allowed to withhold data from health "improvement programs".
In many cases healthcare is NOT based on free market or what the individual alone wants....When you are vaccinated against whooping cough you are not the only person to benefit. Other people also gain because they are now protected against catching whooping cough from you. This extra or externality benefit is missed by the free market. Now that said, it doesn't mean that the individual has to give up his right to privacy. I am fully aware of the need for privacy of the patient's identify. However, it can go too far. One night we had a patient in our emergency room that was there for an illness due to AIDS. She was telling one of the nurses that she was still "doing” between 10-20 customers a day. She was carrying a loaded gun, but we as nurses could not tell anyone! In some countries, even the religion or ethnic group of a person can get the individual killed. Healthcare HIS systems are not well designed. The current Registration and Admission systems are responsible for collecting "All" the information concerning the patient including all demographic and medical reasons for admission. Admission systems should NOT be able to do this. InHCc feels that it is the function of "Traige" to collect the medical information and the "Social worker" function to collect the demographic (all) of the patient and his family. The Social workers are trained to do this....the receptionist is not. As an example, the billing department personal can determine easily the probable of a disease by looking at the medication given or the procedure performed...It doesn't even take a genius to do this. Yet, this is the procedure for most if not all HIS systems...and what about the "Reason you are here" that is often entered into the Admissions records...It is none of their business! ASTM E1633 set of "Confidentiality Status" values are: unwed mother, celebrity, psychiatric patient, employee, HIV patient, etc...These data values already gives too much information. This should be performed by the medical personal...not some person in the front office. The problem with all the ASTM standards is that they are "United States" based procedures that have been performed "forever" by the medical professional. The Standards are not designed to be efficient. The biggest problem in providing "privacy" is not from a researcher or an individual in the next state, but rather from the personal in the very healthcare organization as the patient. These are individual that are more than likely to "gossip" about the patient. Disclosure of medical information on individual patients (a more pressing problem than the wholesale download of limited medical data of individuals) is more often done by individuals in the "office"...all the "Consents and Permissions" established in an electronic system...do not have any meaning if the local gossiper works in the billing department of the organization. Non-Medical personal and Registration personal has no need of the motive for the client's visit. Triage or even the Healthcare Professional that services the client can be responsible for capturing this information. If healthcare depends on massive amounts of data to produce evidence based medicine, then that data should be available for research. If better processes are to be developed, then data should be made available for comparison analysis. If healthcare needs are to be forecasted, then data should be made available. It is unthinkable, that any healthcare improvement can be made without data. The biggest problem in security and privacy is the "Interoperable" and "Transfer of Data" between individual organizations that do not have the professionals to monitor and control security. It is far better, to have only the ability to transfer data to "one" well managed secure database. Security is expensive and the ability for everyone to implement security correctly, does not exist. What is important today, is that data can be maintained anywhere. It does NOT have to be even maintained in the country where the individual is resident. Instead of having every doctor's office keep the individual' data it is far better to have a central depository that provides professional security of the data. The fact is several large databases (such as the Medicare, VA or CDC database) can be protected better than a lot of smaller IT departments ran by individuals that may not be up to date on all the "bugs" out there. Leaving security up to employees in the private practice of physicians is a joke. State Governments are no better and Third Party Payees...you much be kidding! Who would you rather trust? Research data does not have to include a person's identifying data....There are easy ways to hide the patient’s identity...so what is the problem? I have talked about this at length in the section on Identification at Identification. Permissions Giving permission to “named” individuals …. It does not provide for the ability to analysis data. We want to know, if what the physician is doing is “correct.” Is the diagnosis correct? is the treatment correct? Is this the best treatment for the individual. It is believed that one of the reasons that this concern for privacy of data is that the "healthcare professional" is afraid that someone will find out that he did something wrong! Health Insurance Portability and Accountability Act (HIPAA) It is believed that HIPAA (in the sections protecting the privacy of health-care data) has done more damage to healthcare than one single event. While the stated objective of HIPAA has been to protect the privacy of health-care data it was mostly designed to protect the "proprietary" information of companies, and not to help provide good health care. HIPAA has made it extremely difficult for healthcare professionals to share information and even harder for researchers to access information. You must remember that these laws were passed in 1996. The HIPAA requires that all healthcare providers take steps to ensure the security and availability of all medical records. The law applies not just to hospitals and doctors, but also to insurance companies, diagnostic labs and any entity that handles personal medical information. Security and availability are two different sides of the same event. Security is locking down data and availability is the use of data. Security today requires "Professionals" and doctors and most hospitals are in no position to be able to provide the type of security required....and is it ok to have a conference call with another doctor and how do you monitor it? What is so bad about this, is that if someone actually wanted to get this information, it is not too hard to access. Hospitals have notoriously poor security. Hospitals have to share their information already with the many different organizations (as stated above)...It is not too hard at any of these points to "hack" into the network. Leaving it up to Providers (who are only interested in protecting their business data and in keeping data out of the hands of lawyers and consumer groups) or to Consumers who have been brain washed by their physicians may not be the smart thing to do. The individual already must report everything he does to the government....with no benefit. The consolidating of medical data would have so many benefits that it is a "no-brainer." The fact is....if this data is not made available, the healthcare system will no longer be able to provide required services.
Data Security There are any number of news items each day that speak of "hacking" into a computer system and these were very very well designed systems....well...almost.
Links What the government will not do, it is possible that private companies will do. Story Time InHCc was working with one of the largest health care organizations in the U.S. to convert a computer system of one of the hospitals that they had bought to the system that the parent organization was using. Since InHCc was also interested in Emergency health care data at the time, InHCc asked the head of the conversion for the health care organization if they would share their emergency room data with the State Emergency Health Care Services. This individual said, "there is no way that you are going to have access to any of our data." At this point, the team member of InHCc was a little angry with the response, he retorted, "suppose the state government requires that you send in to them, all information on the accident cases you admit." The individual then responded, "we will make it so hard for you to collect the data and so expensive, it will not be worth your time." It makes you wonder how much their care about their patients care. Example. Although she was putting at risk of death 20 to 30 people a day, we as Healthcare Professionals were unable to report this individual. If any information "got out" about this individual, the health care worker could be sued and could lose their jobs. Example Makes you wonder that his true reasons were for not testing the people!!! I wonder if anyone asked the subjects what they wanted. Links
|
|
|
InHCc was
working with Columbia/HCA Health Systems that had just bought into Tulane
University Hospital. This author (who was working on this project) asked the
head of project of for integration that since they already had data concerning
Accidents would it be possible if they could summit that data to the Louisiana
department of Emergency Service. This Project Manager looked at me and said,
"this is proprietary data and you are not going to get any of it". This made me
a little angry so I reply "well, what if we passed a state government law
requiring you to make this data available to us for research on how we could cut
down on our accidents." The manager replied, "if we must summit data, we will
see to it that it is so bad, that it will be useless to you!" (In 2000,
Columbia Health Systems was fined for having created false reports to Medicare.
Under the agreement, Columbia/HCA agreed to pay $745 million to resolve five
allegations regarding the billing of the U.S. government and the states for
health care costs. The agreement did not resolve allegations that HCA unlawfully
charged for the costs of running its hospitals on cost reports submitted to the
government, and that it paid kickbacks to physicians to get Medicare and
Medicaid patients referred to its facilities. http://www.againstcorruption.org/briberycase.asp?id=841