Closing Comments on Data Integration and Data Privacy Issues in the Digital World
A critical element that needs to be maintained, preserved and perhaps strengthened refers to the privacy safeguards of healthcare related data of individuals. The integration of data resources from various healthcare providers and data bases no doubt enhances efficiencies from analytics capabilities and information generation. As the process of developing more robust data resources enhances efficiencies, it also introduces the requirement for well-defined and strictly enforced standards to protect the privacy rights of individuals regarding health related data. Privacy policies need to be designed to address any changes that transpire within the realm of data access and exchanges in the evolving healthcare system. The US department of health and human services issued a privacy rule to implement the requirement for the health insurance portability and accountably act of 1996 (HIPAA) which addresses the use and disclosure of individuals’ health information. A major goal of the Privacy rule is to assure that individuals health information is properly protected while allowing the flow of health information needed to provide and promote high quality healthcare and to protect the public’s health and well-being. The rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing . New initiatives are currently addressing privacy requirements in this evolving data intensive environment. The American Recovery and Reinvestment Act of 2009 (ARRA) incorporates “improvements” to existing law, covered entities, business associates and other entities that will soon be subject to more rigorous standards when it comes to protected health information .
Case in point is illustrated by enhanced data sharing between counterparties in the healthcare network of stakeholders. The Meaningful Use and the newer Merit Incentive Payment System (“MIPS”), which are the programs that arose out of the HITECH Act mentioned earlier in this chapter, that incentivized physicians to utilize electronic health record (EHR) technology, have settled into becoming a fact of life for healthcare providers. With this new reality, CMS is building on this foundation to take fuller advantage of the data that can be gleaned from electronic health records. The latter stage (Stage 3) of Meaningful Use (the program now renamed
“Promoting Interoperability” or “PI”) that all providers are required to attest to annually, is focused more on how effectively data can be exchanged between providers. This is to allow for a given provider to see a fuller set of clinical information on patients and to allow for public health registries to sprout and provide appropriate interventions where there are particular needs. This type of data exchange is known as “interoperability” and is an increasing focus of government regulators to ensure that different providers can share data across different EHR platforms.
A great example - and an early realization of the potential of mobile health platforms - is the Apple Health Record. If you have an iPhone and have treatment at a participating hospital or medical group (more and more providers are participating by the day), you can get secure access to your health information across multiple hospitals in an easy-to-digest layout. You can share this with providers to gain insight into your health history. CMS is mandating that hospitals be able to support this type of interoperability through what are called “APIs” (or “advanced programming interfaces). These APIs are rapidly taking hold and are making it much easier for providers to exchange data with one another. There is also a new protocol for interfacing data that is called FHIR (pronounced “fire”), which stands for “Fast Health Interoperability Resources”. This is the newest iteration of the HL7 standard that has been in play in healthcare for years, and probably the most dramatic leap forward for HF7 since its inception.
With big data coming into its own, some of the big players in technology are looking to make a play in healthcare. Going beyond the Apple Health Record, Apple is also incorporating diagnostic capabilities into its Apple Watch and acting as an integrator of data from wearables such as Fitbits. Google has also moved into this space leveraging its signature “search” capabilities by working with Ascension Health, a large health system, to mine patient data to build new tools for physicians that will make their interaction with EHRs easier.
Amazon, Microsoft and IBM have also made plays in the healthcare space. These companies offer cloud storage of EHR data and have recently become increasingly willing to sign “Business Associate Agreements” (a requirement within the HIPAA legislation for external companies who handle “electronic protected health information” - or “ePHI” on behalf of providers) committing to storing the data in a manner consistent with HIPAA security mandates in “cloud” environments . Cloud computing had been slow to catch on in the healthcare realm because of security concerns, but that is rapidly changing, as providers are becoming increasingly comfortable with the security profiles of potential cloud-hosting partners. Additionally, the hardware and infrastructure needed to support healthcare operations is becoming so complex that it is hard for hospitals to expand their operations in a timely manner to accommodate the rapidly-growing requirements for information systems.
As the digital era continues to evolve, providing value enhancing opportunities across functional areas of healthcare, so to must adequate assimilation and regard to compliance and regulation to maintain safety for all stakeholders involved.
- 1. Patterson, N. The ABCs of Systemic healthcare reform: A plan for driving $500 Billion in Annual savings out of the US healthcare system. Cerner Corporation: Healthcare Industry Brief (www.cerner.com/ABCs) 2009.
- 2. Davenport, T and Prusak, L. Working Knowledge, Harvard Business Press, 2000.
- 3. Davenport, T. Harris, J. DeLong, D. and Jacobson, A. 2001. Data to Knowledge to Results: Building and Analytic Capability. California Management Review, 43 (2), 117-138.
- 4. Pande, P. Neuman, R. and Cavanagh, R. The Six Sigma Way: How GE, Motorola, and Other Top Companies are Honing Their Performance, McGraw-Hill, 2000.
- 5. United States Department of Health Human Services (Summary of the HIPPA Privacy Rule): http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/ privacysummary.pdf
- 6. The American Recovery and Reinvestment Act of 2009: http://frwebgate.access.gpo. gov/cgi-bin/getdoc.cgi?dbname=l ll_cong_bills&docid=f:h lenr.pdf
- 7. Evans, M. “Tech Firms get Identifiable Hospital Data”, The Wall Street Journal, Jan 21. 2020.