The social uses of data stored in EHRs and the privacy protections needed

EHRs either make sense clinically or economically on an individual patient or practice basis, or they don’t, depending on which study you read. 

Let’s assume that implementation does not make economic sense, or that implementation is cost-neutral, at the individual practice level.  Should the EHR implementation agenda be advanced nevertheless?

The argument goes like this: aggregate data will point to new findings regarding safety, efficacy and efficiency of different treatment modalities for patients with the same or similar diagnoses.  Providers can then be incentivized (through P4P, or its subset, value-based purchasing) to follow the preferred approach. 

This has the potential to help all of us, but of course there is also the potential for inappropriate sharing of personal health information.  HIPAA doesn’t quite help in these circumstances (there are some aspects of EDI, RHIOs, etc. not contemplated when the HIPAA rules were being written, not all that long ago) though some fixes may be in the works.  See news regarding NCVHS letter to HHS promoting expansion of HIPAA (and a copy of the NCVHS letter, too), though it’s worth noting that’s been in the works for about a year).

"Secondary" use of health data — i.e., use of data "for non-direct care, including analysis, quality, research, payment, provider certification, marketing and commercial activities" — is the subject of ongoing review and consideration by an AHIC workgroup and by AHRQ.

Update 7/20/07:  The Washington Post reports on concerns about holes in HIPAA and proposed legislation to tighten it up; Jeff Drummond, at the HIPAA Blog is dismissive of what he sees as folks getting all hot and bothered about not all that much.

Here’s hoping that the potential for using all this data we’re collecting for the collective good isn’t mucked up by the federales and — dare I say it — the lawyers.

— David Harlow