Medical data is only as valuable as the uses it’s put toward. When shared between patients, providers, and payers, data becomes a tool for improving health outcomes and the healthcare experience. But as we gather and use more data, we also create more risk.
Whenever data is transmitted between systems, there’s a chance it could be stolen or corrupted. In the case of healthcare, this possibility can have grave consequences. The theft of someone’s Social Security number can be consequential, but stealing that person’s entire medical history would be a tremendous invasion of privacy with immense potential for exploitation—not to mention a violation of HIPAA laws. And providers realize that a data breach of this sort would expose them to legal liability, negative publicity, and a loss of trust.
Medical information has been strictly protected by HIPAA since 1996 because it needs to be. For most of that time, the priority has been clear: Keep sensitive medical information secure. However, we’ve reached a point where there’s so much to be gained by opening that data up to wider uses that the benefits outweigh the risks— that is, if certain important safeguards are put in place.
Severely limiting data access prevents providers from offering the highest standards of care. An emergency room doctor, for instance, can’t make a fully informed decision about the best course of treatment for an unresponsive patient if he or she doesn’t have access to the patient’s recent medical history and prescription drug regimen. At best, the doctor can provide limited treatment, and at worst, he or she can potentially endanger the patient’s life.
That said, making medical records available to all relevant stakeholders while still keeping them safe and HIPAA-compliant is a delicate balancing act. Leaning too far in either direction can be problematic. If you share data too freely, you increase the chances for exploitation, but siloed data may contribute to negative health outcomes.
The healthcare system must find an appropriate middle ground. Here are some action items related to the future of electronic health records.
1. Grant the patient access
Patients often know their own medical history better than anyone else, yet they have little to no access to their personal EHR, which prevents them from identifying errors and omissions. Keeping patients in the dark also makes filling in the gaps a time-intensive process where providers have to exchange at-risk information. Conversely, permitting patients to reference their own records and suggest amendments when necessary can help streamline the process. And because the patients themselves make the amendments, HIPAA rules don’t apply.
Versions of the technology required for appropriate patient access are already in the works. Apple Health Records, for example, aggregates patient data with EHR data as long as it’s coming from the same provider network. The information is accessible through a patient-facing app that individuals can monitor for mistakes. Once those mistakes are resolved, providers throughout the network have access to the same updated information.
2. Bridge the information gap with a referral system
Kyruus’ “2018 Referral Trends Report” shows that although 77 percent of providers acknowledge that treating patients within the same network improves care coordination, almost 80 percent still refer patients out of network.
Oftentimes, out-of-network referrals occur simply because doctors lack the information they need to fully utilize their referral network. Many doctors rely on a small sample of favored specialists, and because they don’t typically have the most up-to-date information on where specialists practice, patients may be pushed out of network.
The same Kyruus report also found that a third of out-of-network referrals could be prevented if doctors had better access to data about in-network providers. This nicely illustrates why a comprehensive, integrated referral system is so valuable. Moreover, keeping everything in-network as much as possible has the added benefit of minimizing security and compliance concerns because sensitive data doesn’t have to travel across disparate data systems.
3. Think ahead to tap into the value of new health tech
The general public is growing more comfortable with sharing personal information when doing so leads to greater convenience and more personalized services. We’re likely to see this trend expand into the healthcare space along with the growing prevalence of fitness trackers and other wearable health monitoring devices.
This new technology can generate a massive amount of valuable, previously unavailable data, and healthcare outcomes could be dramatically improved if we put that data to effective uses. However, the healthcare industry needs to develop data management systems capable of integration with these new technologies in order to make that happen.
Health data collection is rapidly expanding beyond the doctor’s office, and we’re quickly reaching the point where we’ll need reliable ways of transmitting data from personal monitoring systems into EHR systems using APIs. Building out secure systems that link health tracking devices to provider databases will be an important next step, but it will also present a significant challenge.
Transferring this data securely is obviously a priority, but the healthcare industry also needs to somehow manage the massive amount of data it will be receiving. Much of this new data will likely be irrelevant, so this process will benefit greatly from integrated data systems with AI technology that can distinguish the signal from the noise and automatically filter out the latter.
Coming to terms with the scope of this endeavor and the infrastructure-related demands it presents is the first step toward making it real. A focus on system integration, data security, and data relevancy will point us in the right direction to someday take full advantage of the expanding realm of useful health data while still protecting patient privacy.
Increasing the availability of medical data is vital to the improvement of medical care, but we must handle this data very carefully. Priority No. 1 should be to do no harm. Beyond that, if we can work together to build secure, intelligent, integrated health data management systems, there is great potential for improving quality of care and overall health outcomes.
For reprint and licensing requests for this article, click here.