Who Owns EHR Data?

Download the entire September InformationWeek Healthcare, distributed in an all-digital format.

Electronic medical records contain highly personal information, from illnesses to family matters to emotional statuses. Yet those records don't necessarily belong to the patient. The question this raises in the digital age is: Just how much control should people have over their own records?  

Electronic health records (EHRs) have become invaluable collections of information used by a diverse group ranging from government agencies and disease researchers to marketing firms and for-profit data brokers. Government and for-profit businesses have long collected, parsed, and used collective patient data to track the path of chronic conditions and contagious diseases, follow the success rates of new and old treatments, develop new cures, and improve the quality of providers' services. But because today's electronic records are easily shareable -- and hackable -- and have different rules depending on state and organization, some patients fear they have little to no control over the information that tracks their very personal health information.

"It's like we have a vacation home, and we've given out keys to 50 different people, and they all show up at the same time," says Chris Zannetos, CEO and founder of security developer Courion, which counts healthcare organizations as about one-third of its customers. In other words, as patients we want our data to be shared when needed, but then we're surprised at how quickly we lose control of how it's shared.

Consumers don't "own" their health records any more than they own the vast troves of data that retailers, financial institutions, and government agencies collect about them, says Dr. Josh Landy, a physician and co-founder of Figure 1, a text-messaging app for healthcare professionals. Instead of ownership, healthcare professionals and patients should discuss electronic patient data in terms of "stewardship," he says. Although the creator of the record -- such as a hospital or physician's practice -- controls the record and data, patient data has multiple stewards.

Complete records might well include a combination of handwritten medical notes scanned as PDFs into a patient's file; information manually or electronically entered from monitoring and collection tools such as stethoscopes and scales; and data entered directly into the EHR. And the picture is going to get more complex. Soon, electronic records might collect data from wearable devices -- purchased as consumer gadgets -- that gather health data around the clock.

[Why isn't healthcare greener? Read Healthcare IT: Stop Sending PCs To Landfills.]

In addition, consumers often see a variety of healthcare practitioners. Each one -- primary care doctor, orthopedic surgeon, hospital doctor, or psychiatrist -- typically uses the referring doctor's record and creates a copy appended to his own electronic health record for the individual.

With all this sharing, what if a patient has a diagnosis he doesn't agree with or doesn't want shared? Can he contest, say, a diagnosis of alcoholism?

"We have to give due course to the patient," says Richard Rosenhagen, assistant VP for EMR/HIM/CDIP at South Nassau Communities Hospital. "If you're not transparent, you're going to end up in a bad place." The hospital has a process for discussing such conflicts with patients and making their disagreement part of the record, though the diagnosis remains. "If they disagree with what's in there, they have a right to voice their opinion," he says. "That disagreement doesn't give them the right to amend the record."

Incorporating more patient-driven data changes will present a whole new set of challenges for health IT professionals.

One reason is that, as a rule, consumers are "horrible historians," says John Hoffstatter, a physician's assistant and delivery director of advisory services at CTG Health Solutions. People forget to bring in a list of current medications or don't know why they take a particular pill. Having patients read through their electronic record is essential to improve care and reduce costs, he says.

InformationWeek Healthcare IT Priorities Survey of 322 healthcare technology professionals in February 2014 and 363 in January 2013.

Without patient participation, people can, for example, undergo duplicate medical tests when they see different doctors. That could hurt the patient, especially if radiation is involved, and result in extra expenses for payers and for patients responsible for co-payments. But getting patients interacting with their records this way is a big mindset change for doctors and patients.

"Traditionally, when I started practicing way, way back, the healthcare information was really owned by the provider. It was proprietary and part of that was for legal reasons," says Hoffstatter. But the healthcare industry can't ask patients to take a bigger role in their care -- including paying for more of their own treatment -- while also limiting data access. "The problem is we told [patients] for years and years, 'You can't have your information,'" Hoffstatter says. "Now we're saying you should own your information and be [a participant] in patient engagement."

The CIO's role
The CIO is responsible for creating the foundation for a new culture of transparency. Automating routine processes -- such as patching and provisioning of new or expired users -- is critical to giving patients secure access in an environment that frequently changes, Courion's Zannetos says. Usually working in tandem with department heads and healthcare end users, CIOs and their C-level counterparts are charged with implementing systems that encourage consumers to visit and interact with patient portals in order to meet Meaningful Use requirements.

Technology Advice study, August 2014.

Many healthcare providers install patient portals to promote a sense of consumer record ownership or interaction. About half the hospitals in the United States and 40% of physicians had a patient portal, according to Frost & Sullivan's September 2013 study, "U.S. Patient Portal Market for Hospitals and Physicians". Most portals were part of clinicians' practice management or EHR software purchases, the study found. Practices will spend a forecasted $898.4 million on patient portals by 2017, and yet providers often struggle to get consumers to use them. Under Meaningful Use Stage 2, the federal system of incentives and penalties currently in force, providers must ensure 5% of patients use a portal before they attest for compliance. Yet almost two-thirds of organizations report only 0% to 5% of patients are participating, an August report by Peer60 found.

One reason? Patients might not know the portals exist, a recent TechnologyAdvice study on portals revealed. Only 49% of patients knew whether their physician had a portal; 11% knew their doctor did not use a portal; and 40% did not know their physician's portal policy, the study found. Other than billing

Next Page

1 of 3