Lex 8256: The Law in Cyberspace Seminar

Privacy in Personal Health Records

-Anthony Williams

Nearly everyone has received junk mail, spam, or telemarketing phone calls pitching everything from mortgage and student loan offers to male sexual performance enhancers. Almost all commercial and non-commercial consumer business transactions, along with consumer demographic information, are stored in electronic form... in someone's database. These databases are constantly sold, exchanged, and shared. Commercial and non-commercial entities use data mining technology and the internet to increase marketing effectiveness and decrease costs. For example, if you happen to belong to the Sierra Club and are a registered Republican or live in a mostly Republican district, you might receive an automated phone call touting the environmentally friendly position of your state representative or congressional candidate. This type of targeted marketing is the direct result of consumer information data mining.


Today there is a movement to convert health data into electronic form, creating an electronic medical record (EMR). Healthcare professionals and health systems would use the EMR to streamline communication, to improve the quality of healthcare provided, and hopefully to reduce costs. The EMR is usually specific to a healthcare encounter or to a number of encounters related to a common healthcare issue. Because EMRs are encounter specific, they tend to be more like snapshots of an individual's health history. And because different health systems and providers use different types of systems to capture and maintain EMR data, it is difficult to create a total health picture of an individual from these disparate pieces of data. In addition, EMRs do not always contain important consumer-generated health data such as the frequency of insulin injections and the related glucose readings, allergies, or emergency contact information.


Personal Health Records (Read the full report by AARP) or electronic health records (EHR) are a potential solution to the problem of creating a complete health picture out of disparate health data. In fact, Congress has proposed the "Federal Family Health Information Technology Act of 2006" (Read H.R. 4859), which would "provide for the implementation of a system of electronic health records under the Federal Employees Health Benefits Program." Read http://govexec.com/dailyfed/0906/090606p1.htm, http://govexec.com/dailyfed/0906/091406markup1.htm, and http://govexec.com/dailyfed/0906/092606tdpm2.htm. It seems that the PHR is a foregone conclusion for the general public if the benefits are proven.


However, the proliferation of electronic health data could mean that in the future you might receive an automated phone call or email from a pharmaceutical company proclaiming the effectiveness of its new ADHD medication for children. Why would you receive this call? Because your child was just recently diagnosed with ADHD and her pediatrician maintains an electronic medical record of his patients. Or that male enhancement spam email is replaced with information about your neighborhood fertility clinic. Why would you receive that? Because you and your spouse have been having problems conceiving, and your difficulty is documented in detail by your physician, who maintains an electronic medical record of all of her patients.


Health information privacy has historically been achieved, in significant part, by virtue of the physician's Hippocratic Oath and the mere fact that most health information was kept in paper files. So for someone to know that Doctor X had health information about you, you first had to tell them about the visit to Doctor X. If you did not tell them, that slip in judgment that resulted in a need for serious antibiotics pretty much remained between you and Doctor X, especially if you paid cash for the visit.


How could health data privacy be achieved in the world of the PHR? In 1996 Congress enacted the Health Insurance Portability and Accountability Act (scan HIPAA). HIPAA consisted of two parts: 1) a framework for the portability and continuity of health insurance, and 2) a framework for health data standards and exchange requirements. Part 2 of HIPAA required either Congress or the Secretary of Health and Human Services (HHS) to promulgate guidelines for, among other things, electronic health data standards and privacy. The Secretary proposed guidelines to Congress in September of 1997, which you can see, but do not need to read, at Confidentiality of Individually-Identifiable Health Information. However, Congress failed to ratify the guidelines in the timeframe mandated by HIPAA. Consequently, the Department of HHS proposed standards for privacy in 1999. The guidelines were modified in accordance with HIPAA requirements and ultimately approved by President Bush in 2001. The approved guidelines are available for you to see at http://www.hhs.gov/ocr/hipaa/privrulepd.pdf, but you do not have to read them. Instead, read the Department of HHS summary of the current HIPAA privacy guidelines. Finally, in 2006 the Department of HHS proposed amendments to the 2001 guidelines in accordance with HIPAA requirements, which you can see, but do not need to read, at HIPAA Administrative Simplification.


Are PHRs and EHRs a good thing, or are the potential benefits not worth the potential price? Read ConsumerReports. Should PHRs or EHRs be mandatory? Can the information be subpoenaed? Is HIPAA enough? Will its privacy guidelines be enough to prevent PHR or EMR health data from becoming "public" marketing data? There are some who say not! Read Patient Privacy Rights.