Wednesday, April 16, 2008

Tectonic Shifts in the Health Information Economy

In the April 17, 2008 edition of the New England Journal of Medicine, Kenneth Mandl and Isaac Kohane provide an insightful overview of personally controlled health records (PCHR) and their implications on health care delivery. Their article emphasizes in particular the impact PHCRs will have on the biomedical research enterprise. The authors discuss how the shift to consumer control will impact the very way researchers and the public view the process of studying health information. It is very similar in spirit to the disruptive potential of sites like

Every successful prototype throws more cold water on those who have not yet faced the obvious - information is not solely the property of the care delivery organization or payer intermediary - aside for certain stewardship and limited fiduciary purposes, personal health information should be under the management of the individual patient. The rules of the game are changing.
Mandl and Kohane have already authored significant works on public health infrastructure (JAMIA) and authentication (JAMIA, reference 37, PKI that "rings"). Kohane and Altmann have also published a wonderful article on the "health-information altruist" to be found in the New England Journal of Medicine ( 2005:53:2074-7).

What is new in the article released today? A few summary points:

There are two very signficant new constituents focusing on consumer empowerment and technologies to realize this empowerment. The first are the employers who are seeking efficiencies, improved health, and cost savings. The second are strong technology entrants like Google and Microsoft - each with comprehensive offerings capable of creating a more "seamless" digital relationship between an individual identity personal health information. (These two firms are attracting the most attention. WebMD, Intuit, and many other pioneers also have exciting offerings with great potential.)

What differs these new entrants from the established health IT vendors is their primary emphasis on the individual consumer. They aren't encumbered with a large provider-centric infrastructure model like those large firms who have made great technical and financial strides servicing hospitals, clinics, pharmacies, and health plans. Simply put, provider-centric reflexes and financial growth imperatives focus established vendors to refine offerings along established lines. As Clayton Christensen would put it, becoming a "disruptive" force is difficult when your earnings depend more on expanding your current strategic trajectory. Hence, many of these vendors are of necessity trying to build a better steam locomotive while hybrid autos and highways are appearing everywhere around the railroad tracks.

Mandl and Kohane emphasis that the shift in the locus of control of health information from provider to beneficiary will most directly impact daily care delivery, but their article focuses this general argument on the "threat" such technologies will have to academic medical centers and clinical research.

In their scenario, several challenging technical problems are raised.
  • First their individual must become authenticated and authorize subscriptions from providers and sources of clinical data (e.g., clinical labs, pharmacies, plans).
  • Second, they would authorize access views or even copies of records to providers, health care proxies, and possibly intelligent software agents that seek goods and services of value to the individual (e.g., disease management programs).

They describe PCHRs as a preview into a new era of "data liquidity" that will in turn updend traditional information information hegemony practices while fostering new markets for health care services. These new markets will open both to large new entrants like Microsoft and Google as well as to smaller and more regional innovators. The PCHR vision emphasizes a subscription model. Through its "hub and spoke" approach to personal consent and control, this model avoids many of the combinatoric complexities of inter-institutional data-sharing agreements and may legitimately circumvent some barriers imposed by differences among state privacy laws.

Although the basic architecture and principles behind a PCHR are relatively straightforward, some of the policies and complexities of course remain unsolved. The illustration in the Mandl and Kohane article describing the relationships among sources of health information and a centrally-controlled health record platform allows PCHR vendors to aggregate data across individuals and, barring policies and practices limiting use, provides the technical capability for these vendors to use group data against the intent of some who would retain their personal information in such systems. Explicit policies and rights along the lines of the Markle Foundation's Connecting for Health work will become essential to maintain public trust. Along the same lines, the authors note both use of de-identified data both in the HIPAA sense (which often really isn't de-identified the way you or I would like) as well as in the more mathematically sound way espoused by Sweeny, Malin, and others cited within the article.

No matter how you slice it, significant growth in PCHRs will significantly disrupt the traditional vision of exclusive institutional control often held by academic medical centers, health plans, and many other care delivery organizations. Business as usual, is over.

If one believes these new sources will provide valuable insights (and again, is one possible test of this hypothesis), then the authors of this article are prescient when they say that "an entire generation of clinical researchers in training will find themselves with second-class or no access to the best research resources." Add to this problem the necessary growing reliance of academic medical centers on commercial health information systems that at times make clinical research technology modifications expensive. In response, the research community could take more more proactive approach to PCHR and for open-source systems devoted to clinical research and patient care.

The authors' treatment of certification and regulation is necessarily ambiguous. As an apocryphal quote goes: "it is difficult to make predictions, especially about the future." Mandl and Kohane rightly emphasize the importance of "guideposts such as a certification or a seal of approval with regard to services, software, and projects from a trusted authority."

This writer's problem: It is not clear those in charge of such certification efforts are certifying the right things. Emphasis should be first on clarifying CLIA and employer-individual privacy relationships. Some statement on data use limitations must be made since PCHR organizations are not HIPAA-covered entities. But does anyone think HIPAA is going to be fixed in the year before or after a national election such as this?

The authors identify a framework that in this writer's mind is very similar to the conundrum of the Treasury department looking at financial regulation. They speak of a "balance between patient control and a paternalistic protection against coercion and false claims made across the multiple channels of communication that are possible between these new...entities and...consumers." The speak of the urgent need for "creative and effective on-line consent processes."

They identify five hurdles:
  1. Standards
  2. Commitment of health care delivery organizations and others to publish to PCHRs
  3. CLIA revision
  4. Incorporation of information now only in paper form
  5. New approaches to identifying identity and trust

One conclusion is inescapable: the horse is out of the barn. Gradually, these many efforts will coalesce not into a standard "certified product" but perhaps at least a consensus on what is really important policy-making and what is a distraction. With this knowledge in hand, one can address the critical issues surrounding confidentiality, safety, and integrity.

The article is an inspiration. Give it a read!


Post a Comment

<< Home