Today, June 25, 2008 the Markle Foundation’s Connecting for Health Initiative, a public-private collaborative group engaging more than 100 organizations representing all major components of the health sector, released a new framework to increase health end-users participation and protect information. ACOR is one of the organizations endorsing the Framework. Entitled “Common Framework for Networked Personal Health Information” it proposes a set of practices that, when taken together, encourage appropriate handling of personal health information as it flows to and from personal health records (PHRs) and similar applications or supporting services.
The Common Framework resources are intended to foster network relationships and, ultimately, to enhance trust among the following parties:
- Consumers, including patients, their families, and caregivers.
- Heath Data Sources, meaning any institutional custodian of the individual’s personal health information. This may include health care providers and clinics, hospitals and health care systems, health insurance plans, clearinghouses, pharmacies and pharmacy benefit managers, laboratory networks, disease management companies, and others that hold data related to the personal health of individuals.
- Consumer Access Services, an emerging set of services designed to help individuals make secure connections with Health Data Sources in an electronic environment. These services may be offered by a variety of organizations, ranging from existing health care entities to new entrants to the health sector (e.g., technology companies, employer coalitions, affinity groups, health record banks, etc.). Such services are likely to provide functions such as authentication as well as data hosting and management.
The Common Framework resources are designed to guide organizations participating in “Consumer Data Streams” — the flow of personal health information into and out of consumer-accessible applications such as PHRs.
The Framework, based on the immutable fact that health end-users (the e-patients) are network participants, is composed of a set of documents, discussing in detail the 9 consensus policy principles and the associated technical overview.
The principles provide the foundation for managing personal health information within consumer-accessible data streams. Taken together, they form a comprehensive approach to privacy, the hallmark for which is that personal information be handled according to the individual’s understanding and consent.
In brief, the principles, and the corresponding papers in this Framework, are as follows:
- Openness & transparency: Consumers should be able to know what information has been collected about them, the purpose of its use, who can access and use it, and where it resides. They should also be informed about how they may
obtain access to information collected about them and how they may control who has access to it.
- Purpose specification: The purposes for which personal data are collected should be specified at the time of collection, and the subsequent use should be limited to those purposes, or others that are specified on each occasion of change of purpose.
- Collection limitation & data minimization: Personal health information should only be collected for specified purposes and should be obtained by lawful and fair means. The collection and storage of personal health data should be limited to that information necessary to carry out the specified purpose. Where possible, consumers should have the knowledge of or provide consent for collection of their personal health information.
- Use limitation: Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified.
- Individual participation and control: Consumers should be able to control access to their personal information. They should know who is storing what information on them, and how that information is being used. They should also be able to review the way their information is being used or stored.
- Data quality & integrity: All personal data collected should be relevant to the purposes for which they are to be used and should be accurate, complete, and up-to-date.
- Security safeguards & controls: Reasonable safeguards should protect personal data against such risks as loss or unauthorized access, use, destruction, modification, or disclosure.
- Accountability & oversight: Entities in control of personal health information must be held accountable for implementing these principles.
- Remedies: Remedies must exist to address security breaches or privacy violations
The Common Framework is released at the same time there is renewed legislative activity on the PHR/EMRs:
- Rep. Charles Boustany (R-La.) has just introduced a bill (HR 6345) that aims to expand the use of patient-controlled personal health records.
Charles Boustany, MD, a heart surgeon, is making a case for personal control in health IT. “
We must do more to empower health care consumers and providers with better information about health care costs and quality, and protect patients’ control over their personally identifiable information and individual treatment decisions.”
The Patient-Controlled Health IT Act would give patients the right to receive their medical histories in an electronic form from their health care providers who use electronic health record systems. In addition, the bill would provide financial incentives to health data organizations for importing clinical data into patients’ PHRs, as well as to physicians who use those data while treating patients.
Rep. Boustany was quoted as saying, “One way to lower the cost and improve quality is to adopt [PHRs] to help doctors and other health care providers limit duplication and errors, but we should go further to put the patient in control.”
- The House is due to introduce a bi-partisan bill that would promote the adoption of a nationwide electronic health record system.
It is pretty clear that PHRs and Health IT are becoming a major topic of discussion both in DC and at an increasing number of large and small corporations. All of a sudden everybody is realizing that you cannot have a working healthcare system without putting the health services end-users at the center of the system and without providing them with the necessary tools to become informed, engaged and ready to show the benefits of participatory medicine.