Who Owns EHR Data? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Electronic Health Records

Who Owns EHR Data?

The owners of electronic health records aren't necessarily the patients. How much control should patients have?

Download the entire September InformationWeek Healthcare, distributed in an all-digital format.

Electronic medical records contain highly personal information, from illnesses to family matters to emotional statuses. Yet those records don't necessarily belong to the patient. The question this raises in the digital age is: Just how much control should people have over their own records?  

Electronic health records (EHRs) have become invaluable collections of information used by a diverse group ranging from government agencies and disease researchers to marketing firms and for-profit data brokers. Government and for-profit businesses have long collected, parsed, and used collective patient data to track the path of chronic conditions and contagious diseases, follow the success rates of new and old treatments, develop new cures, and improve the quality of providers' services. But because today's electronic records are easily shareable -- and hackable -- and have different rules depending on state and organization, some patients fear they have little to no control over the information that tracks their very personal health information.

"It's like we have a vacation home, and we've given out keys to 50 different people, and they all show up at the same time," says Chris Zannetos, CEO and founder of security developer Courion, which counts healthcare organizations as about one-third of its customers. In other words, as patients we want our data to be shared when needed, but then we're surprised at how quickly we lose control of how it's shared.

Consumers don't "own" their health records any more than they own the vast troves of data that retailers, financial institutions, and government agencies collect about them, says Dr. Josh Landy, a physician and co-founder of Figure 1, a text-messaging app for healthcare professionals. Instead of ownership, healthcare professionals and patients should discuss electronic patient data in terms of "stewardship," he says. Although the creator of the record -- such as a hospital or physician's practice -- controls the record and data, patient data has multiple stewards.

Complete records might well include a combination of handwritten medical notes scanned as PDFs into a patient's file; information manually or electronically entered from monitoring and collection tools such as stethoscopes and scales; and data entered directly into the EHR. And the picture is going to get more complex. Soon, electronic records might collect data from wearable devices -- purchased as consumer gadgets -- that gather health data around the clock.

[Why isn't healthcare greener? Read Healthcare IT: Stop Sending PCs To Landfills.]

In addition, consumers often see a variety of healthcare practitioners. Each one -- primary care doctor, orthopedic surgeon, hospital doctor, or psychiatrist -- typically uses the referring doctor's record and creates a copy appended to his own electronic health record for the individual.

With all this sharing, what if a patient has a diagnosis he doesn't agree with or doesn't want shared? Can he contest, say, a diagnosis of alcoholism?

"We have to give due course to the patient," says Richard Rosenhagen, assistant VP for EMR/HIM/CDIP at South Nassau Communities Hospital. "If you're not transparent, you're going to end up in a bad place." The hospital has a process for discussing such conflicts with patients and making their disagreement part of the record, though the diagnosis remains. "If they disagree with what's in there, they have a right to voice their opinion," he says. "That disagreement doesn't give them the right to amend the record."

Incorporating more patient-driven data changes will present a whole new set of challenges for health IT professionals.

One reason is that, as a rule, consumers are "horrible historians," says John Hoffstatter, a physician's assistant and delivery director of advisory services at CTG Health Solutions. People forget to bring in a list of current medications or don't know why they take a particular pill. Having patients read through their electronic record is essential to improve care and reduce costs, he says.

InformationWeek Healthcare IT Priorities Survey of 322 healthcare technology professionals in February 2014 and 363 in January 2013.
InformationWeek Healthcare IT Priorities Survey of 322 healthcare technology professionals in February 2014 and 363 in January 2013.

Without patient participation, people can, for example, undergo duplicate medical tests when they see different doctors. That could hurt the patient, especially if radiation is involved, and result in extra expenses for payers and for patients responsible for co-payments. But getting patients interacting with their records this way is a big mindset change for doctors and patients.

"Traditionally, when I started practicing way, way back, the healthcare information was really owned by the provider. It was proprietary and part of that was for legal reasons," says Hoffstatter. But the healthcare industry can't ask patients to take a bigger role in their care -- including paying for more of their own treatment -- while also limiting data access. "The problem is we told [patients] for years and years, 'You can't have your information,'" Hoffstatter says. "Now we're saying you should own your information and be [a participant] in patient engagement."

The CIO's role
The CIO is responsible for creating the foundation for a new culture of transparency. Automating routine processes -- such as patching and provisioning of new or expired users -- is critical to giving patients secure access in an environment that frequently changes, Courion's Zannetos says. Usually working in tandem with department heads and healthcare end users, CIOs and their C-level counterparts are charged with implementing systems that encourage consumers to visit and interact with patient portals in order to meet Meaningful Use requirements.

Technology Advice study, August 2014.
Technology Advice study, August 2014.

Many healthcare providers install patient portals to promote a sense of consumer record ownership or interaction. About half the hospitals in the United States and 40% of physicians had a patient portal, according to Frost & Sullivan's September 2013 study, "U.S. Patient Portal Market for Hospitals and Physicians". Most portals were part of clinicians' practice management or EHR software purchases, the study found. Practices will spend a forecasted $898.4 million on patient portals by 2017, and yet providers often struggle to get consumers to use them. Under Meaningful Use Stage 2, the federal system of incentives and penalties currently in force, providers must ensure 5% of patients use a portal before they attest for compliance. Yet almost two-thirds of organizations report only 0% to 5% of patients are participating, an August report by Peer60 found.

One reason? Patients might not know the portals exist, a recent TechnologyAdvice study on portals revealed. Only 49% of patients knew whether their physician had a portal; 11% knew their doctor did not use a portal; and 40% did not know their physician's portal policy, the study found. Other than billing

Next Page

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AliN258
50%
50%
AliN258,
User Rank: Apprentice
10/30/2014 | 5:25:08 AM
EMR data
My former billing company who also owned our practice EMR has refused to provide us access to the OLD data and has disconnected my staff and my username and access after we changed to a new billing company?

What is the current rules of practice and traditions in such a case?

Thank you
GaryAk
50%
50%
GaryAk,
User Rank: Apprentice
9/14/2014 | 5:42:23 PM
HIPAA needs to be revised
A patient in many cases has to go through a lot of hoops to get their own records.   Having to sign a form every time following a visit or procedure to get one's own records is silly.   Having providers not be willing to email or fax electronic records to your home because it is not secure, even when you are willing to waive your 'privacy' rights.


It is a rare doctor that agrees to email back and forth with a patient, relying on some secure, encrypted form of electronic communication that is functionally complex and difficult even for a tech-savvy patient to keep.


HIPAA needs to be amended to allow the option for simpler forms of communications and less barriers to the patient to get their own records electronically or otherwise.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/10/2014 | 4:48:41 PM
Ownership Records
Interestingly, most people who shared this story on Twitter and then posted their own answer to the headline's question responded, "patients." 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/10/2014 | 4:47:48 PM
Re: Governance and strategy
Yes I think healthcare organizations would be well-served if they move away from focusing so much on compliance (which is, of course, necessary) and focus more on risk-management and transparency, when it comes to data and security. As the South Nassau executive said, patients want more transparency from their healthcare providers -- in terms of cost, access to their own information, and providers' records for safety, etc. -- and those that deliver this information are most likely to succeed over those that continue to make this info hard to find or access. CIOs and their IT teams play an integral role in making this happen securely.
pfretty
100%
0%
pfretty,
User Rank: Ninja
9/10/2014 | 11:16:00 AM
Governance and strategy
"The CIO is responsible for creating the foundation for a new culture of transparency." This is such a key component of today's data-laden society. And, its especially true in sensitive field like the medical industry. Going forward organizations need to place more emphasis on developing, nuturing and mantaining data strategies while embrace proven governance tactics.  Obviously both will come with maturity, but its the organizations who embrace it early who will surface as leaders. 

 

Peter Fretty
Laurianne
50%
50%
Laurianne,
User Rank: Author
9/9/2014 | 1:49:20 PM
Re: preferred contact
Medicine is one of the few industries where you still see fax machines in heavy rotation.
Ariella
50%
50%
Ariella,
User Rank: Author
9/9/2014 | 12:25:53 PM
Re: preferred contact
@Alison As I said, I don't care for letters, though I have recieved a few from doctors or hospitals, particularly if they wanted to make some official communication prior to or after a particular procedure. But I really thought it was total overkill when a doctor sent a note that the office didn't show that certain tests were done via certified mail. That was a pain, in fact, b/c the mail carrier just left the slip about it in my mailbox without giving me the chance to sign for it. And the slip doesn't even let you know who the sender is. So I had to trek over to the post office the next day to sign for the letter -- as I had no idea what it was or how urgent it may be.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/9/2014 | 11:55:53 AM
Re: preferred contact
The preference for letters by such a big number of doctors really shows, in my mind, the comfort level some practices have with the old ways of doing things and their discomfort with trying new, more efficient means of communication. When you think about it, letters are expensive: They take time to personalize, print, and stuff into envelopes, and they're expensive over time -- paper, print, envelopes, labels, stamps, and staff time. You also have to ensure patients' mailing addresses are kept current (which billing requires too, of course). 

That said, a lot of doctors' offices still rely on fax a lot. In dealing with two specialists recently, I was surprised to learn that one doctor faxed his records over to the other doctor's office; the other doctor, in turn, wanted to send her records back electronically but was forced to fax them back because the first doctor didn't have the capacity to receive them electronically (despite using an electronic health record in his practice). Unsurprisingly, during our first visit to the second specialist, part of my daughter's record was missing because the first doctor's assistant hadn't sent over the complete file. 
Ariella
50%
50%
Ariella,
User Rank: Author
9/9/2014 | 11:50:24 AM
preferred contact
I'm surprised as many as 13% prefer letters. It seems so inefficient. I'd fall into the majority here with a preference for phone, and email as my second choice.
Slideshows
10 RPA Vendors to Watch
Jessica Davis, Senior Editor, Enterprise Apps,  8/20/2019
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll