P9

Section 2: Values and Principles

Although there is great heterogeneity in the American population, as a nation we do embrace certain common values. Two of those values, privacy and autonomy, are deeply rooted in American history and remain relevant to many national discussions today, such as free speech and national security. The reach of these values extends to nearly every aspect of the American experience, particularly in health care.

Based on these core values, the Personal Health Technology Council has offered a set of consumer- and patient-focused principles for the handling of electronic personal health information. The principles have been endorsed by many consumer groups¹² and recommended to the American Health Information Community, an advisory body on health IT issues for the U.S. Department of Health and Human Services.^{13, 14}

The principles are:

1. Individuals should be guaranteed access to their own health information.
2. Individuals should be able to access their personally identifiable health information conveniently and affordably.
3. Individuals should know how their personally identifiable health information may be used and who has access to it.
4. Individuals should have control over whether and how their personally identifiable health information is shared.
5. Systems for health information exchange must protect the integrity, security, and confidentiality of an individual’s information.
6. The governance and administration of health information exchange networks should be transparent and publicly accountable.

Many PHRs today may aspire to these basic principles. However, it is not plausible to expect any current PHR offering on its own to fulfill all of the principles so long as the average individual’s personal health information is scattered across multiple, unconnected entities. Furthermore, there are no clear, consensus-based, overarching policies and practices that would guide PHR suppliers toward fulfillment of these objectives.

We conclude that, with the possible exception of individuals receiving all of their care from a single integrated delivery system, only a “networked PHR” has the potential to offer consumers an electronic health information environment that lives up to the principles. To create a trusted network that fulfills these principles, the companies and institutions that hold consumer health data must embrace the values underlying these principles. Fundamentally, personal health data custodians must not attempt to gain or retain market share by forcing consumers into exclusively proprietary mechanisms to access their personal data. Rather, entities should compete to serve consumers with services driven by data that the consumer authorizes them to use. Simply put, consumers should choose PHR applications in a free market.

Markle Connecting for Health argued this same position when it advised the Centers for Medicare & Medicaid Services to set an example for the health care industry by not providing an exclusive portal for beneficiaries to view their claims data, but instead experimenting with beneficiary data downloads into PHR applications that they select.¹⁵

If PHRs can be authorized to connect securely to multiple data streams on the network, then the competition among PHRs will be based on service, features, and value to the consumer, not mere custody of the consumer’s data. To illustrate this argument by analogy, the custodianship of personal health data should be more like that of personal cash. Consumers, not banks, own personal cash. People use banks to store and transfer their cash. The banks compete based on services that they provide in exchange for those deposits. Of course, this analogy is not perfect. People are much more accustomed to managing cash than personal health information. Furthermore, the information generated by the health care system is vastly less structured, more complex, and more sensitive than financial data. Lastly, financial fraud is a well-understood personal and business risk, with well-established remedies supported by business practices, tax law, FDIC, etc. The improper disclosure of personal health information, on the other hand, can inflict a very different kind of damage, which is hard to prove or fully remedy. This underscores the importance of designing a health information network based on principles that are consistent with American values.

All of the participants within the networked environment—including health care institutions and professionals, insurance companies, labs, pharmacy services, employers, and consumers themselves—must agree to basic principles for providing individuals access to personal health information, and security and confidentiality protections must be “baked in” to the network design.

The overarching principles must be translated into specific policies and authorizations, which may vary depending on the location of a given piece of information at a given point as it flows across a network. For example, imagine two applications: one controlled by a doctor and a networked PHR controlled by a patient. The doctor records a diagnosis, and the patient receives a copy of that diagnosis through the networked PHR system. The patient will now control all access by third parties to the copy of diagnosis data in the patient’s own application. However, just as with paper records, once information has been entered into the physician-maintained medical record, the doctor needs to retain the original data, without alteration. Further, existing regulations under the Health Information Portability and Accountability Act (HIPAA) authorize the doctor to share the data with authorized third parties for purposes of treatment, payment and operations without getting the patient’s explicit permission.

Before exploring these network-design and policy principles and policy questions in greater detail, in the next section we propose how networked PHRs may be helpful in improving our broken health care system.