Letters to the editor

By GHIT Staff
Close the HIPAA research loop-hole
It's nice to know that the federal government will "analyze the science of de-identification and re-identification" before releasing health data. [Government Health IT, Oct. 1, 2010, "ONC studying risks of de-identified patient records"]

But instead of each patient being informed about the level of risk and then deciding if that level of risk is acceptable before agreeing to participate in research, the government will decide the "acceptable level of risk in order to be able to use the data".

Two major problems need to be addressed before "de-identified" public use data (PUD) is released for "research":

First, the "research" loophole in HIPAA allows any corporation to get access to our health data without consent, at low or no cost, simply by claiming that it is doing research.

This loophole needs to be closed. Most 'research' use of health data today is not what Congress intended: i.e., research to improve patient health or to prevent illness. Instead corporations claim our data will be used for 'research' when in reality they sell it or use it for business analytics. Business analytics is used by industry to discriminate against people in jobs, credit, and educational opportunities. The health data mining industry is exploiting the "research loophole" to obtain Americans' health data to improve revenues, not to improve patient treatment or health.
The name for that is fraud.

Second, who decides what level of de-identification is 'safe' enough? Should the federal government decide for us? Or should we be able to decide what risk we are willing to accept?

Patient Privacy Rights submitted a memo to the Centers for Medicare and Medicaid Services highlighting the difficulties of anonymizing data for public release and advocating an "adversarial challenge" criterion for assessing the threats associated with such releases.

What if banks suddenly decided that account holders would now have to accept a .04 percent risk of electronic theft of funds and/or that a .04 percent rate of error in our deposits was 'safe' enough? Would that be an acceptable level of risk? Is any rate of theft or error acceptable for our money?

Why should we accept anything less than a zero percent risk of theft or error for our health records?

-- Dr. Deborah Peel, Austin, Texas, Founder, Patient Privacy Rights

Can pop health be managed with de-identified data?

I just want to know who actually thinks population health can be done reliably with de-identified data [Government Health IT, Oct. 1, 2010, "ONC studying risks of de-identified patient records"].

Certain things can be done but my experience is that you need some kind of unique personal identifier and demographic information that even without identifiers can potentially be used to reconstruct identities.

More effort needs to be spent on the security of the systems and who in the public health community needs that level of access. Security and role identification are the key components to an effective NHIN/PHIN set of systems.

-- Name withheld by request.

Not against analyzing the data, but ...
I'm not against analyzing the data. [Government Health IT, Oct. 7, 2010, "OPM creates federal health claims database"]

The real issue is invasion of privacy when others feel they have to provide such data down to the individual level. That's the bad side.

No one should have that level of information. I feel the lowest level they should collect this information is at the city level. No Social Security Numbers, no names -- first, middle or last -- and no street addresses or info that can be traced back to any person.

-- Charles Guy, Ogden, Utah

Underestimating complexity of data base
Regarding [Government Health IT, Aug. 23, 2010, "Chopra: Build database of health program business rules"]

I studied a very similar system in New Zealand and I can say that the complexity of this undertaking is almost certainly being hugely underestimated. This project should not be started unless they can show in a clear and compelling way how they will be addressing complexity. Otherwise, this project has a very low probability of success.

-- Roger Sessions, Houston, Texas

Training, training -- and more training

"I think once physicians get used to using the computer to e-prescribe, they may be a little more comfortable moving to the full electronic health record," Blumenthal said. [Government Health IT, September 21, 2010, "Blumenthal: 2013 meaningful use to ramp up HIE, decision support"]
Definitely!!!!!!!!

In the 80's the Military Health System brought out the Composite Healthcare System, and with it eventually came electronic order entry -- and with that the ability to create 'order sets'.

At first, providers were slow to adopt. In my opinion, this was due to a lack of training and adequate one-on-one follow up. As time went by, this problem self resolved to a point where the previously needed forms for ordering labs, rads and meds were only used during computer failures.

With the adoption of AHLTA (the Defense Department's electronic health record system) in 2003 to 2005, order entry became a part of the EHR. Again, training was needed and again (in my opinion) inadequate training was provided. Now in 2010, the DOD is looking for a replacement for AHLTA. Billions were spent, billions more will have to be spent.

Again, my opinion, a lack of adequate training is at the heart of the 'problem'.

You cannot just rush into Dr. Smith's Family Clinic, load up a software package, show a few power points, slap some backs for a few days and take off for the next clinic. Then, when Dr. Smith has questions, have him call some 'geek' at an 800 number who will write up a "ticket" and have someone call him back -- in the future. Meanwhile, Dr. Smith has a sick patient on his hands. Training and follow up, again my opinion, is the key. Dr. Smith wants and needs to know that he has someone he can call and get help -- right now.

The current Stage 1 (meaningful use) requirements may be set too high as a 'starting point'. Therefore, state and local regional extension services (RECs) will be a key factor and need to be pushed hard. Bottom line: We can do this! But, the provider must be given a chance to succeed.

-- Terry Kimball, Colorado Springs, Colo.