You might not have guessed that the Health Information Portability and Accountability Act (HIPAA), an act passed in August of 1996, was the topic of the “most emailed” NY Times articles in July 2015, they were. The Times picked up on the idea that HIPAA is used to block sharing of health information as a convenient excuse, or convenient misunderstanding, rather than the original intent, to keep records shareable, but private.
 
The 20-year old piece of regulation is still a hot topic because, not because it works, but because of it’s broad misuse. The problems associated with a lack of health data sharing has gone mainstream.
 
HIPAA came about at the dawn of the Internet era, and the vast majority of health records were paper. By definition, records existed at clinic and were physically tied to the clinic. What information that came from the patient were gathered by the physician during the history. That same architecture of paper persists today in electronic form, and it’s broken and ill-suited to today’s needs.
 
HIPAA is a symptom of that broken architecture and a broken design.
 
I wrote in a series back in 2012 about how certain software and communications architectures in and of themselves, in how data and people are connected, can reduce risk. What we have today is a high-risk architecture for patient data. Providers have very high risks of storing and sharing data, yet still too few incentives to share. Problems with HIPAA and “information blocking” are symptoms of a broken, pre-Internet, paper-driven architecture the health systems have acquired.
 
It’s long been said that information should follow the patient, that we should have HIEs of one, and “clinical trials of one,” but the current architecture makes that almost impossible. There’s too much risk to sharing, and still very little upside for third parties. There’s risk from HIPAA, there’s risk from data breaches, and there’s risk of losing patients to competitors. Risk leads to data hoarding and information blocking.
 
How do we overcome this risk and get data flowing? The answer is either to reduce the risk of sharing (difficult), or change where the information is held and who owns it.

Changing the location of data storage and/or data ownership toward patients

Bob Wachter gives a great example in “” The Digital Doctor of patients in Africa who were given tiny slips of paper with information about their diagnosis and prescription. They would append these slips together to create a personal medical history they kept with them. We’re unfortunate that we didn’t inherit a similar system here in the U.S. In this age, however, we something similar – we need a way to pin information electronically to people using technology they have, on devices they have, accessible through their phones or the technology they keep with them at all times.
 
I recently took a family member to an urgent care center (nothing serious). I asked for copies of the images that were taken and we made an appointment to see a specialist. I received a disc. No encryption, no password. Lots of patient information. As I was leaving, they mentioned, “you might want to bring the images to the specialist appointment, just to make sure they have them.” The specialist appointment was in the same building, 1 floor up.
 
We were the integration because interoperability is too difficult even in the same building. If we hadn’t brought the images, someone from the office would have gone downstairs, downloaded the images onto a disc and carried them upstairs to the specialist’s office, just as if they were paper. This happens every day a thousand times over. We’d all do a lot better if we had a secure container that traveled with us and we didn’t even have to remember to bring insecure digital copies.
 
It’s not just inconvenient, it’s delaying science. Just imagine if patients had a way to share even a small part of that data, what kinds of studies could be done.
 
A large part of the entire world is now connected to a common, peer-to-peer system, aka the Internet. This system is available in real time through mobile devices and the internet of things (IoT). We no longer need records to be tied to a particular place or institution, they should be tied to a single, unique person, and the relationship to the person can be decided by algorithms. These records should exist in a form that lies beyond the institution, and they should be controlled by the patient.
 
We don’t live in an era where a patient’s data has to “live” at the clinic. It needs a home that travels with the patient. When the patient is there, her data health information is there with her, no matter where she goes.
 
This may seem like a dream, but we’ve done the same thing a million times over in other industries from bar coding to RFID, we’re pretty good at tracking things and attaching them to information in secure ways. To highlight this idea. ePatient and patient advocate Casey Quinlan has a bar code with a link to her medical record tattooed to her chest. Bob Wachter uses the example of John Halamka, CIO at Beth Israel, who 10 years ago had a chip inserted with a code that goes to his record. It’s hasn’t helped much, but the idea of having data follow an individual is on target. The first step is getting access to the info for the patient, the second step is making it available through code or hardware attached to the individual, just like a credit card or insurance card. It isn’t rocket science. We just need a little bit of will.
 
There’s some hope that will is coming through precision medicine, and what’s clear is part of the foundation – patient access to data. I watched the Champions of Change on Precision Medicine at the White House a couple weeks ago. It was evident that Precision Medicine and patient access to data are inseparable. Looking at the State of the Union Address, The President even linked the two when he said he was launching the Precision Medicine Initiative to “to give all of us access to the personalized information we need to keep ourselves and our families healthier.” Check out the White House fact sheet on precision medicine to see just how tightly personal information access, interoperability, and precision medicine are linked. These themes were reinforced last week during the Senate HELP Committee hearings on information blocking.
 
There’s been extensive talk about health data as a civil right from Farzad Mostashari and others, including the HHS office of Civil Rights. Health data will become a civil rights issue. The #getmyhealthdata movement is steeped in talk of revolution. Individuals won’t just be put in charge of it, they’ll have a place to keep it.
 
This issue won’t go away until the rights and the architecture are fixed.
 
Update (morning of July 30, 2015): DoD health records contract went to Cerner, a member of the CommonWell Health Alliance. It’s still a largely on-premises solution, but the company has made a public effort to show they are committed to better interoperability. How much have interoperability and the Senate hearings on information blocking been a part of the decision? Still, although interoperability is great, I still wonder what will be done about the architecture?