A federal workgroup said that data element access services provisions are "fundamentally flawed," pose privacy challenges.
(click image for larger view)
Slideshow: Health IT Boosts Patient Care, Safety
At the final meeting of the Office of the National Coordinator for Health IT's (ONC) President's Council of Advisors on Science and Technology (PCAST) Report Workgroup, chair Paul Egerman sought to put the finishing touches on the workgroup's upcoming report to the Health IT Policy Committee.
However, during Wednesday's meeting, some members of the workgroup chafed at their narrow mandate of only suggesting ways the report's principles could be integrated with meaningful use, not commenting on its merits or feasibility. Though Egerman, a retired software entrepreneur, continually sought to keep the team on point, flair-ups occurred around privacy and feasibility. Specifically, the issues focused on a key element of PCAST's concepts for health information exchange (HIE): data element access services (DEAS).
"We can't be blessing the blind faith of technologists unless we're convinced," said workgroup member Wes Rishel, VP and distinguished analyst in Gartner's healthcare provider research practice. "And when it comes to this area of having DEAS administer privacy consent, I think it's a fundamentally flawed approach. I think we heard that over and over again from people who testified... if there's any belief that centralized, multiple, private DEAS policy engines are going to solve granular consent problems, then we need to recommend the actions to bear down on those concepts."
Rishel and Dixie Baker, senior VP, CTO, and technical fellow at Science Applications International Corporation's health and life sciences business, both seemed baffled by the apparent PCAST-endorsed dynamic in which physicians could "unlock" a specific piece of clinical data they were authorized to see, yet be prevented from incorporating it into their electronic medical record (EMR). If litigation resulted from the clinical decision which had been based on the data, they wondered, what would happen if patient consent had been withdrawn in the interim, meaning both the physicians and their lawyers were unable to produce the data as part of a defense?
Referring to this dynamic, Rishel commented, "I think we have serious problems with blithe assumptions in the PCAST report."
William Stead, vice chair of the PCAST Report Workgroup and associate vice chancellor for health affairs and chief strategy and information officer at Vanderbilt University Medical Center, said any assumptions should be validated before being rolled out on a larger scale.
"We can't implement a national system based on theory -- we have to have some working models... we need test beds to see which of those, and other possible approaches, are workable for meeting providers' needs."
Baker said she thought the DEAS was problematic. "The DEAS, as described in this report, is not workable while at the same time delivering safe and quality care, but it should be said that, from a technology point of view, everything in the report is doable. From the perspective of clinical operations and the safe delivery of patient care, some of the concepts need to be rethought and alternative approaches need to be developed."
Mark Rothstein, chair of law and medicine and founding director of the Institute for Bioethics, Health Policy, and Law at the University of Louisville School of Medicine, also urged caution.
"My perspective is that if PCAST is implemented it will present innumerable problems to health data privacy." As such, he wanted it clearly noted in the workgroup's report that it had not been permitted to comment on whether the PCAST concepts were "good or bad... I would like to have that sentiment clearly reflected in our conclusion."
Continuing to question the operational feasibility of a DEAS model, Rishel explained, "Providers will not release data to a general use mechanism unless they believe that their ability to express the consent given by their patients is being enforced -- period."
He added, "To me, at a very fundamental level, the PCAST Report is distinct and counter to the principles of fair information practices that the Tiger Team (Workgroup on Privacy and Security) is developing."
At that, Egerman sought to move the discussion away from commenting on the merits of the report. "I don't want to go there," he said. "It's an interesting discussion, but it's a different argument."
As he finalized the workgroup's report, Rishel nonetheless urged Egerman to communicate his aforementioned sentiment clearly. "I don't want that to be a tepid comment -- it must be expressed with urgency and immediacy."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.