Putting Health Data in the Hands of Patients
One of the great promises of health information technology is that it will improve the ability of patients to manage their own care. But patients can’t do this effectively without information about their own health conditions, so patient access to their personal data is critical to unlocking the vast potential of health IT. An emerging method for giving patients access to their data is to provide them with the ability to download it directly from their health care providers onto their home computers or other media storage devices. HHS should encourage the health care industry as a whole to adopt the download capability to foster market innovation and promote patient engagement in their health care.
The HITECH Act – part of the 2009 stimulus legislation – strengthened patients’ right to obtain an electronic copy of health records. Under HITECH, patients also have the right to direct the health care provider to transmit the electronic copy to the person or entity of the patient’s choosing (such as a patient-controlled personal health record).
HHS should use its available tools to encourage health care providers to offer a download capability. For example, HHS should explicitly deem a download capability to be one way health care providers may meet patients’ right to obtain a copy of their information. This would create a legal incentive for the health care industry to adopt the download capability. HHS should also expressly endorse the download capability as an acceptable way to provide information to patients to meet the criteria for the federal "meaningful use" incentive program.
A download capability can spur private sector innovation as well. Ideally, putting health information – literally – in the hands of patients would free up information for use in programs of the patient’s choosing. The increased portability of data would create a market incentive for companies to develop applications enabling patients to use the data to monitor their health.
A download capability is not without risks, however. Patients and health care providers offering the capability will need to educate themselves on how to use the download function securely. For example, patients should be made aware of the dangers of keeping their health information on an unprotected flash drive. Providers will need a means to confirm the individual’s consent to download the data. Providers should also use audit logs to track when the data was downloaded and by whom. The Markle Foundation developed a set of privacy and security policies specifically for download capability, and nearly fifty companies and advocacy organizations – including CDT – support the policy framework. HHS should use these model policies as a basis for guidance for health care providers that offer patients the download capability.
At least two government agencies already offer a download capability to the populations they serve. The Dept. of Veterans Affairs launched a download feature on its electronic patient portal, and the Centers for Medicare and Medicaid Services is preparing to offer the capability for beneficiary claims data later this fall. Significant patient populations – namely veterans and Medicare beneficiaries – are poised to reap the benefits of a download capability. The time is right for HHS to examine how a download capability can enhance patient care in the health industry as a whole.