I’m just back … and still a bit jetlagged … from a fantastic two weeks with my family in Spain. Monday I’m headed into work, and while I’m jazzed to be back with the team, I’d be lying if I said I wasn’t dreading it a little bit too. Because I know I’ll just have to jump back into the “same old arguments” which waste so much of our time…
Who “owns” my health information?
This is a dumb and meaningless question. Instead ask “What LAWS apply to THIS PARTICULAR COPY of health information?” The answer(s) to that question can be super-helpful.
Do people have the right to access and receive copies of professional medical records about themselves?
Yes. There are a few important but rarely relevant exceptions, but this is the case by law in the US, EU and pretty much everywhere else.
Can they do what they want with that information?
Yes. Once the individual has a copy of their information, they can do whatever they want with it. Just like a paper report they carry out of the doctor’s office.
Do people care?
Yes, when it matters. No, when it doesn’t. The real question is, can we make collection and management of health information easy and automatic enough so that it’s there and ready when it matters.
Will doctors trust information that comes from patients?
Yes, at least as much as they do every day when asking questions during an exam or reading the forms patients fill out. And more when the information comes from a system like HealthVault that provides audit trails.
Are independent PHRs covered by HIPAA?
Nope. But they are covered by various laws, for example those overseen in the US by agencies like HHS (breach handling in HITECH), FTC (standard fair trade practice / consumer protection stuff) and FDA (at least for systems like HealthVault that self-classify as medical devices). ***
… and so on…..
It’s all kind of silly, really. The bottom line is — too many health decisions today are made with incorrect or incomplete information. Empowering individuals to be an effective “information hub” between providers is our best hope at solving the problem. So let’s just get on with it.
Time to go on the offensive. Stay tuned!
*** This doesn’t mean we won’t sign a “business associate agreement” with our clinical partners when asked. We have a specific BAA we sign that clarifies the status of information in HealthVault as the responsibility of the individual, not the CE it is copied from.