You are using an outdated browser. Some of the rich features of this site is not going to function on this browser. Consider updading your browser or using a newer browser.
NEW YORK—Dossia, Google, Intuit, Microsoft, and WebMD today joined prominent health care providers, health insurers, and consumer and privacy groups in endorsing a set of practices for new internet services that help consumers track and improve their health. The framework defines a set of practices that can help protect personal information and enhance consumer participation in online personal health records. "Consumer demand for electronic personal health records and online health services will take off when consumers trust that personal information will be protected," said Zoë Baird, president of the Markle Foundation, which organized the consensus framework. "We have broken the typical logjam in health care and reached consensus among health sectors and technology innovators, so internet health information products can flourish." The announcement comes as technology companies, health care delivery systems, health insurers, large employers, and others are proliferating options for consumers to keep their own copies of health information and connect to health-related services online. However, this emerging, innovative new space is evolving without a common set of information practices and expectations. "We have achieved the first detailed, consensus-based approach to consumer access and privacy practices for important new internet-based health information services," said Carol Diamond, MD, MPH, Markle managing director and chair of Connecting for Health. "A stable, common-sense set of principles and practices will foster innovation and improve consumer choice for these emerging services." The framework — developed by the Markle-operated Connecting for Health public-private collaboration — includes four overviews and 14 specific technology and policy approaches for consumers to access health services, to obtain and control copies of health information about them, to authorize the sharing of their information with others, and sound privacy and security practices. In 2006, Connecting for Health released a framework of policy and technology resources for privacy and security in internet-based networks connecting medical professionals from different institutions and clinics. The new framework deals with networks that include individual consumers as participants who can collect their information, store it in applications they control, and share it with whom they want. The following organizations today endorsed the framework: AARP • Aetna • American Academy of Family Physicians • Association of Online Cancer Resources (ACOR.org) • America's Health Insurance Plans • BlueCross BlueShield Association • CapMed • Center for Democracy and Technology • Center on Medical Record Rights and Privacy • Cisco Systems Inc. • Consumers Union • Dossia • FollowMe • Google • Geisinger Health System • Health Care For All • InterComponentWare Inc. • Intuit Inc. • MedicAlert • Microsoft Corp. • National Breast Cancer Coalition • National Partnership for Women and Families • NewYork-Presbyterian Hospital • Pacific Business Group on Health • Palo Alto Medical Foundation • Partners Healthcare System • RxHub • SureScripts • U.S. Department of Veterans Affairs • Vanderbilt Center for Better Health • WebMD "Some of the new services aren't covered under federal health information privacy laws, and there is uncertainty about privacy protections," said Steve Findlay, health care analyst, Consumers Union, publisher of Consumer Reports. "This collaboration lays out specific practices that all PHRs and related services can use, whether they are covered by federal privacy rules or not, so they can enhance public trust." Survey reveals overwhelming public support for privacy protective practices The Markle Foundation also released a survey today indicating that four in five U.S. adults believe that electronic personal health records (PHRs) would help people: Check for errors in their medical records (87 percent). Track health-related expenses (87 percent). Avoid duplicated tests and procedures (86 percent). Keep their doctors informed of their health status (86 percent). Move more easily from doctor to doctor (86 percent). Manage the health of loved ones (82 percent). Get treatments tailored to health needs. (81 percent). Manage their own health and lifestyle (79 percent). "This new survey indicates that an overwhelming majority of U.S. adults see the value of online personal health records. Nearly half express some interest in using one," said David Lansky, PhD, president and CEO of Pacific Business Group on Health and chair of the Connecting for Health work group that developed the new framework. "At the same time, the vast majority of respondents said having key privacy practices in place would be a factor in their decision to use such services. Nearly half called specific privacy practices ‘critical' in their decision to try one out," Lansky said. When asked about some of the practices contained in the new framework, consumers said: How important in decision to try a PHR service: Common Framework Practice Area It's critical __________ It's one factor in decision __________ Affected people would be notified if their information falls into unauthorized hands in a way that could compromise their identity or expose their health information. 60% 32% An individual would be able to review who has had access to their personal health information. 53% 37% Individuals would have a clear process to request corrections or dispute the way their information is handled. 53% 38% Individuals would NOT be denied care or penalized financially based on whether they decided to provide certain medical information to an internet-based service. 49% 40% The survey of 1,580 U.S adults – conducted by Knowledge Networks between May 13 and 22, 2008 – matched the demographic proportions of the general U.S. adult population (including online and offline households), and had a margin or error of plus or minus 2.5 percent. It was designed by Columbia University Professor Emeritus Alan F. Westin, a leading authority in privacy research. Among the other findings: A small percentage of Americans use PHRs today. Despite the expressed interest that consumers revealed when asked about electronic PHRs, only 2.7 percent of respondents (which equates to 6.1 million people) said they had one today. Of this small group, four in five described their PHR as "valuable." Consumers cite privacy concerns as a significant barrier to PHR adoption. Of the people who said they were not interested in having a PHR, more than half (57 percent) cited privacy concerns as a reason for not wanting one. "Regarding health privacy, we found that 24 percent of the public have high concerns; 49 percent to 56 percent have moderate concerns, and only 20 percent to 27 percent have low concerns," Westin said. "This pattern of health privacy intensity suggests that 73 percent to 80 percent of the public will want to be assured of robust privacy and security practices by online PHR services, if they are to join those offerings." Consumers see that several options can be effective in ensuring protections on the web. The survey asked consumers about their perceptions of effectiveness in four different ways of enforcing good practices on the web. Eighty percent said they thought each of these two options would be effective: Having an independent organization audit the PHR organization and provide a seal of approval to certify it is following good practices. The Federal Trade Commission or state attorneys general enforcing existing consumer protection laws, by finding any PHR that does not follow its own policies is engaging in false and misleading practices. Seventy-six percent said they thought each of these two options would be effective: Market forces - consumers choosing the products and brands they trust and not using others that do not follow good privacy practices. Congress passing a new health privacy law to cover the special features of online PHR services. "Enforcement is a crucial element of this framework," said James X. Dempsey, vice president for public policy of the Center for Democracy and Technology. "Moreover, the Connecting for Health approach makes it clear that it is not sufficient to rely on one single enforcement mechanism for the range of privacy principles. Rather, different enforcement mechanisms will likely be optimal for different aspects of the privacy framework, and comprehensive enforcement will probably require a mix of approaches. It was interesting to see from the survey that consumers believe that a range of enforcement tools may be effective." Markle Connecting for Health is a public-private collaborative with representatives from more than one hundred organizations across the spectrum of health care and information technology specialists. Its purpose is to catalyze the widespread changes necessary to realize the full benefits of health information technology while protecting patient privacy and the security of personal health information. Markle Connecting for Health tackles the key challenges to creating a networked health information environment that enables secure and private information sharing when and where it is needed to improve health and health care. Learn more about Markle Connecting for Health at www.markle.org/health.
Read the Survey Overview See All Results Key Findings When asked about requirements necessary to make sure that federal incentive money for health IT would be well spent, more than 80 percent of both the public and doctors surveyed say privacy safeguards were important. Both groups express the importance of specific privacy policies including breach notification, audit trail, informed choices, and ability to request corrections. The public support for these privacy policies is very high and has been consistent over time in our surveys. Solid majorities of the patients and doctors do not want the government collecting personally identifiable health information as part of the health IT incentives program. However, if safeguards were in place to protect identity, the vast majority of both groups expressed willingness to let composite information to be used to detect outbreaks, bio-terror attacks, and fraud, and to conduct research and quality and service improvement programs. The public’s willingness to include de-identified information for these uses is remarkably consistent with Markle’s 2006 survey. Observations Since 2005, Markle has commissioned four nationwide surveys asking about the importance of privacy and security protections in three contexts: Electronic PHRs. Health information exchanges. Health IT subsidies under the Recovery Act. The findings have been consistent: Big majorities of the public view privacy and security protections as important requirements for them to support and participate in health IT efforts. In this most recent survey (2010), we found physician views on the importance of privacy protections largely aligned with those of the public.
Introduction This document outlines a strategy for linking patient information across multiple sites of care, developed by the Working Group on Accurately Linking Information for Healthcare Quality and Safety, a part of the Connecting for Health effort sponsored by the Markle Foundation and the Robert Wood Johnson Foundation. The linking of vital information as patients receive care from a fragmented healthcare system is a problem that has consistently plagued interoperability efforts in healthcare. The privacy, technical, and policy issues involved need to be addressed in order to effectively share information across multiple organizations. Making the information available will help to prevent drug interactions and adverse events, avoid medical errors, and help inform decision making for the patient and clinician. It will also enable the support of public health efforts, improvements in research, better physician and organizational performance and benchmarking, and greater empowerment of patients and families as active participants in their own healthcare, among other benefits. The linking problem is simple to describe but hard to solve: how does a healthcare professional link a patient with their health files, and how do they know that any two files stored in different places refer to the same person? This problem occurs every time a care provider asks to have a patient's file pulled or updated, and every time a patient moves or changes doctors, visits a new lab or specialist, or falls ill while traveling. At its core the linking problem is one of identity -- how can we say for sure that a patient in the office is to be matched with a particular set of records, or that two sets of records can be merged because they belong to the same patient? The goal of the Linking Working Group was to address these issues, proposing practical strategies for improving healthcare through improved linking of information in a secure and efficient manner, and in a way that allows healthcare professionals much improved access to needed information while respecting patients' privacy rights. Additionally, we assumed that our proposals would be implemented in a five-year time frame, with the additional assumption that any test bed or pilot project implementations would therefore have to be ready in between one and three years, depending on the complexity of the problems to be worked on. We thus focused on techniques for record linking already in use in other areas, rather than on the design of entirely new methods.
As we move toward the creation of a networked health information environment, the potential of privacy intrusions increases, with potentially devastating impact on quality and access to healthcare. This paper describes the risks we face and proposes a framework to minimize those risks. In particular, it proposes nine principles to protect privacy in an information age. Read More
Janlori Goldman, from Health Privacy Project; Alan Westin, from Columbia University; Harriet Pearson, from IBM; and Jodi Daniel, from the Office of the National Coordinator for Health Information Technology, discuss consumers' attitudes, their concerns over privacy and security of personal information, and what these concerns are being addressed.
First, the nation needs a well-defined, comprehensive privacy framework based on key policy and technology attributes that I will lay out. Second, while the entities and contracts created by HHS have been useful to initiate action in this field, we now need to find the appropriate longer term process for determining both the policies and the technologies that will achieve the attributes of such a framework. Our national strategy for health information technology must be carried out by decision-makers informed by and accountable to a broad range of interests with direct public accountability.
First, the nation needs a well-defined, comprehensive privacy framework based on key policy and technology attributes that I will lay out. Second, while the entities and contracts created by HHS have been useful to initiate action in this field, we now need to find the appropriate longer term process for determining both the policies and the technologies that will achieve the attributes of such a framework. Our national strategy for health information technology must be carried out by decision-makers informed by and accountable to a broad range of interests with direct public accountability.
Identifies the policy issues that lead to trust (cross-cutting issues, obtaining patient notification and consent, appropriate uses of health information, identifying records that belong to a particular patient, authenticating the identity of users, patient access to his or her own information, audit trails, and breaches of confidential health information).
WASHINGTON, DC—The American public believes strongly that electronic medical records can make the difference between life and death in emergencies, new research being released today shows. Nearly three out of four Americans (72%) say they favor the establishment of a nationwide electronic information exchange that would allow a patient's health information to be shared with authorized individuals quickly, privately, and securely via the Internet. However, ensuring patient privacy and control over their own records is essential to full consumer acceptance of such an exchange. More than three out of four Americans (79%) say making sure their records could be shared only after they provide permission is a priority. The survey results will be presented Oct. 11 at the first national conference to focus on the needs and concerns of consumers, including privacy, in the rapidly growing field of health information technology. Conference organizers also will present seven consumer and patient principles, which have been endorsed by a wide range of consumer, business, and other organizations involved in health care. The principles are designed to protect privacy and ensure that personal health information is used appropriately in health information exchange. Sponsored by the Markle Foundation, the Robert Wood Johnson Foundation (RWJF), and the Agency for Healthcare Research and Quality (AHRQ), the conference will focus on advances in personal health technology and the core principles for creating a health information environment in which consumers can use information technology to participate more fully in managing their health and health care. More than 700 individuals registered to take part in the conference, including consumer advocates, business leaders, entrepreneurs, medical professionals, and government officials. "Americans use digital information technology to manage their finances, pay bills, book flights, and customize the music they listen to, and our research shows they now want to use health information technology to get the best care possible for themselves and be better able to manage their own health," said Zoë Baird, president of the Markle Foundation, which funded the research. "People realize that if they or those they love are in an accident or disaster, having their medical records available at a moment's notice through secure, electronic information exchange could mean the difference between life and death." "We are on the cusp of a technological revolution in health care, as more personal digital health products are developed, and consumers in the 'iPod generation' are more receptive to using them," said David Lansky, senior director of the health program at the Markle Foundation. "Each device that is developed should meet consumers' needs for privacy and security, as should the entire nationwide health information environment in which consumers and health professionals will be using these digital tools. That is why these new patient and consumer principles are being proposed." The number and types of personal digital health technologies is growing rapidly, and a bipartisan group of national leaders is keenly interested in how information technology can transform health care. Business leaders, including Andy Grove of Intel, and national leaders, including President Bush, Senate Majority Leader Bill Frist (R-Tenn.), Sen. Hillary Clinton (D-N.Y.), Rep. Nancy Johnson (R-Conn.), Rep. Patrick Kennedy (D-R.I.), and former House Speaker Newt Gingrich, are advocating the use of information technology to improve the quality of health care, reduce medical errors, and increase efficiency. President Bush has called for all Americans to have an electronic personal health record within 10 years. The survey released at today's conference shows that four in five Americans (80%) believe that if physicians kept electronic medical records on their patients, health care quality would improve and medical errors would be reduced, because authorized doctors would be able to retrieve a patient's medical history in a matter of seconds. An equal number (81%) believe that the ability of researchers to review millions of records anonymously to determine best treatment practices would help all doctors improve the quality of medical care. Despite these high levels of support for health information technology, keeping electronic medical information private and secure remains a top concern for consumers. Today's research shows that people are much more likely to support online medical records if they have control over their own information and safeguards to protect privacy are in place. Public Opinion Strategies, Alexandria, VA, conducted the survey Sept. 20-22, 2005. The survey of 800 adults has a margin of error of +/- 3.46 percent. According to the poll: Individuals want to review who has seen their medical information. Eighty-one percent of respondents say reviewing who has had access to their personal health information is a "top" or "high" priority. Patients want to be asked before their information is shared. Seventy-nine percent of respondents say it is a "top" or "high" priority that their medical information be shared electronically only with their permission. Consumers want the identity of anyone who sees their records to be carefully confirmed. Ninety-one percent of respondents say carefully confirming the identity of anyone using the system to prevent unauthorized access or cases of mistaken identify is a "top" or "high" priority. The public does not want employers to have access to workers' health information. Sixty-eight percent of respondents say it is a "top" or "high" priority that employers not have access to secure health information networks. A separate study, conducted by Public Opinion Strategies on Sept. 28-Oct. 2, 2005, (800 adults; margin of error +/- 3.46%) showed that consumers would use their own secure, online "personal health record" account to better manage their health care. Nearly seven out of 10 respondents (69%) said they would use this online service to check for mistakes in their medical records, as well as to check and refill prescriptions (68%). Nearly six in 10 respondents said they would like to get medical results over the Internet (58%) or conduct secure and private email communications with their doctors (57%). Taken together, these results show a strong interest among consumers in using health information technology to more fully participate in their own health care. The new consumer and patient principles to guide the development of online health information exchange were developed by the Personal Health Technology Council, a group of 44 leading consumer and privacy advocates, medical professionals, informatics experts, payers, technologists, federal policymakers, bio-ethicists, and researchers. The group believes these principles should guide developments in the private and public sectors, including several pieces of legislation that have already been introduced in Congress and would increase the use of electronic health records within any new nationwide health information exchange. The seven patient and consumer principles endorsed by the Personal Health Technology Council are: 1. Individuals should be able to access their health and medical data conveniently and affordably. 2. Individuals should be able to authorize when and with whom their health data are shared. Individuals should be able to refuse to make their health data available for sharing by opting out of nationwide information exchange. 3. Individuals should be able to designate someone else, such as a loved one, to have access to and exercise control over how their records are shared. 4. Individuals should receive easily understood information about all the ways that their health data may be used or shared. 5. Individuals should be able to review which entities have had access to their personal health data. 6. Electronic health data exchanges must protect the integrity, security, privacy, and confidentiality of an individual's information. 7. Independent bodies, accountable to the public, should oversee local and nationwide electronic health data exchanges. No single stakeholder group should dominate these oversight bodies, and consumer representatives selected by their peers should participate as full voting members. "When all Americans have the ability to review their own medical records online, we then will begin to see a health care system that reduces disparities in medical care, and increases the quality of care for all Americans," said John R. Lumpkin, M.D., M.P.H., senior vice president and the director of the Health Care Group for RWJF. "People want to take advantage of health information technology, but they need to trust that the new information environment respects their privacy and ensures the security of their information. Therefore, the new health information technologies that are being created, as well as the health information environment itself, must focus on consumers' concerns about privacy, security, and personal control." "Consumers have clearly understood how electronic records can improve quality of care, and the recent experience of lost medical records in hurricane Katrina has made this lesson even more vivid," said AHRQ Director Carolyn Clancy, M.D. "But access and control for the patient must be built in from the beginning. Under HHS Secretary Mike Leavitt's leadership, AHRQ will help lay the groundwork for privacy and security as an integral part of building the technical foundation for electronic health records."