Last week, HHS sent a notice to a limited number of people in the healthcare space soliciting their comments on a Draft Requirements Document for Consumer Preferences. The Draft seeks to establish a common framework allowing a consumer to define (preferences) how their personal health information (PHI) will be shared within the context of EHRs, HIEs and more broadly, the NHIN (Health Internet). The Draft Requirements, will ultimately be used to “inform the future development of certification criteria…”
A couple of things surprised Chilmark Research regarding the Draft. First, that distribution seemed limited to those that had signed up on the HHS site to receive any notices. Secondly, and more importantly, was the very limited time-frame for submitting comments, they are due Oct. 16th. Having downloaded and read the 40+ page document, following is our assessment.
While the scope of Customer Preferences addressed seems adequate:
The Consumer Preferences Requirements Document describes a framework for the electronic exchange among multiple stakeholders of the preferences consumers may have regarding the management of and controlling access to their information and potentially sensitive health information (SHI) utilizing standard message formats, terminologies and data sets. The scope of this Requirements Document includes a high-level description detailing:
- Key actors involved in the expression and creation of consumer preferences, namely the consumers, providers and organizations handling this information
- Descriptions of the expression, transmission and application of consumer preferences
- How consumer preferences are exchanged between electronic systems
- The exchange of health information authorized by a consumer preference
- The potential types of consumer preferences
- The location of a consumer preference’s origin and storage.
And understand why they did not wish to address:
- The details surrounding consumer education processes and requirements
- The process for reconciling situations where multiple, conflicting preferences exist for one consumer/patient
- The consequences of not following appropriate consumer preference procedures as prescribed by state, local or entity policy
Chilmark was quite surprised that these requirements decided not to address:
- Policies regarding whether or not a consumer preference is expected to be honored or accepted when sent from one entity to another
- The process and requirements for classifying and segmenting an individual’s demographic and clinical information in a way that supports that individual’s expressed preferences regarding what information or data types should be designated as sensitive health information
While both are critical, the first is a particularly thorny issue. What happens when a consumer defines clear preferences to their provider, the provider shares the consumer’s PHI with another provider for care coordination, a key “meaningful use” criteria under ARRA? Today there are no rules beyond HIPAA (if they are a covered entity or business associate) as to what that second provider/receiver of PHI may do with the consumer’s data. HHS’s decision not to address this issue head-on is a serious case of “dropping the ball.”
The second point is almost as important. As the ultimate owner and trustee of their PHI, the consumer ought to be able to decide what information is shared and with whom. One’s podiatrist may not need to know that the consumer contracted an STD in college, however, this is information one should share with their PCP. Granted, to keep it simple, HHS may have decided to postpone addressing this issue until a later date as today, it is extremely rare to find the capability to discretely tag data within a PHI repository for sharing. Regardless, if indeed this Draft Requirements document is to be used in the context of “certification criteria” discrete data tagging will need to be addressed within the next 2-3 years.
Arguably, the most interesting section and thought provoking section is Section 4: Issues and Policy Implications. It is here that the authors take a closer look on what consumer defined preferences mean to the broader healthcare market and outstanding issues that require careful consideration. Chilmark found sub-section 4.4 particularly interesting.
4.4 Segmentation of Health Information
1. Clarification may be needed for consumers to explain the protections relating to and the differences between Sensitive Health Information (SHI), Protected Health Information (PHI) and Individually Identifying Health Information (IIHI). A national discussion that explores the definition of sensitive health information and how that information might be classified would help to advance the meaningful creation and use of standards and policies for identifying and managing these different classes of information. Public education is necessary to insure that consumers know first what their rights are, second what information they have and how it may be used. Not so sure we need to educate the consumer on these various classes of data as what may be SHI to one, is PHI to another. Give the consumer credit to figure that out on their own but do educate them on their core rights to their PHI and sharing thereof.
2. A universal process or policy may be needed for classifying sensitive health information for the purposes of upholding consumer preferences. This may include a common taxonomy for defining elements that collectively articulate consumer preferences within electronic health records and other data stores. To make the defining and sharing of customer preferences work a common taxonomy is certainly necessary. We would go on to state that within that taxonomy, let’s insure that the consumer again has a clear understanding of what they are sharing. This issue will become particularly critical as we look to allowing the consumer to define preferences at the level of discrete data elements of their record.
3. A national policy or standard may be needed to address a consistent method of expressing consumer preferences within the varying state laws and healthcare entity policies. These policies accommodate varying levels of granularity and protections among states and prescribe conflicting levels of responsibility. A harmonized method to accommodate the variances in consumer preferences policies may be required for interoperability. Oh boy, ain’t that the truth. Today, the myriad of state and local laws, in addition to those at the healthcare facility level make it extremely difficult to define and share consumer preferences across the continuum. This will not be easy to accomplish, but is absolutely necessary not only for consumer preferences, but more broadly for care coordination regardless of physical location.
All in all, we found the Draft Recommendations to be a good piece for beginning the national discussion of how consumers will define and share their PHI sharing preferences. There are some pretty significant gaps that the creators purposely decided not to address but if this document will ultimately be used to set certification criteria, these gaps must be addressed now to set the stage for true consumer ownership of their PHI and ultimately a true consumer-driven healthcare system.