See how many different aspects of this experience could be improved (security, privacy, confidence, accuracy) if the patient had online access to their results, linked to explanatory health information and interaction with their care team at their convenience.

While the situation is obviously a parody, it seems to have enough elements of truth in it that I wonder if the writer experienced receiving test results recently. Without overanalyzing, I would say that the piece does a great job of showing the impact of disempowerment. Thanks to the 30 Rock team for the great example.

In California, a patient wouldn’t have a choice except to receive the results via telephone or in person, because it’s been illegal since 2002 to share pathology results with patients over the Internet, even if the patient and/or the doctor wish them to be communicated that way.

I was at the unveiling of The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information and have since taken the time to read the documents posted on the HHS Website. This is not a point by point review of the documents, just the passages that were of interest to me as someone interested in patient empowerment.

I realize that there is ongoing discussion about this work, which I will link to here. I am still struck by Leavitt’s statement, which I tweeted here, which to me signaled the intent to overall to provide an environment where privacy is respected and patients have access to information that helps them be healthy.

So here goes.

1. The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information

The goal of this effort is to establish a policy framework for electronic health information exchange that can help guide the Nation’s adoption of health information technologies and help improve the availability of health information and health care quality.

(again, thinking about Leavitt’s statement above)

INDIVIDUAL ACCESS – Individuals should be provided with a simple and timely means to access and obtain their individually identifiable health information in a readable form and format.

(more on this in another document)

2. Privacy and Security Framework: Introduction

This guidance is limited to addressing common questions relating to electronic health information exchange in a networked environment, and, thus, is not intended to address electronic exchanges of health information occurring within an organization.

(some patients get care from federated medical groups as part of integrated care systems that securely share information between providers when there is a need to provide care)

3. Safeguards Principle and FAQs

Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?

(this whole section is interesting, but just clipping the following part)

Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.

4. The HIPAA Privacy Rule’s Right of Access and Health Information Technology

IMPLEMENTATION OF DENIAL The Privacy Rule further requires that denials of access be timely, written, provided to individuals in plain language, with a description of the basis for denial, and if applicable, contain statements of the individual’s rights to have the decision reviewed and how to request such a review. In addition, the notice of denial must inform the individual of how complaints may be filed with the covered entity or the Secretary of HHS. If access to some of the PHI is denied, the covered entity must, to the extent possible, give the individual access to any other PHI requested, after excluding the PHI to which the covered entity has a ground to deny access. See 45 C.F.R. § 164.524(d)(1).

However, where the covered entity provides individuals with electronic access to some or all of their health information, through a PHR or similar means, and the access is available to the individual at any time and without a request, it becomes more difficult to determine whether a denial of access has occurred and when notice to the individual is required. For example, the requirements in the Privacy Rule are flexible enough to permit a covered entity to notify the individual in advance of the types of PHI to which it intends to deny access and for which the Privacy Rule does not provide a right of review. See 45 C.F.R. § 164.524(a)(2).

(These appear to me to frame personal health records which show parts of a person’s medical record as implementing a form of denial of access which an organization should explain proactively, as opposed to “provision of limited access” which I think is what many organizations do today, without proactive explanation why some things are shown and some not)

There is a lot more in the documents that are relevant to someone like me and many people reading this post. I just wanted to highlight the ones that I noticed, again, with the intent I felt I heard in that conference room in Washington, DC. See what you think.

Mike Leavitt – Link Medical Funding to Interoperable Records – washingtonpost.com

The parenthesis in the title are mine:

Before lawmakers act, they need to think: If stimulus money supports a proliferation of systems that can’t exchange information, we will only be replacing paper-based silos of medical information with more expensive, computer-based silos that are barely more useful. Critical information will remain trapped in proprietary systems, unable to get to where it’s needed.

I would suggest that we be concerned also about the proliferation of systems that keep patients’ health information opaque to patients themselves. The new HHS Privacy Framework, in my opinion, seems to open the door to this possibility (I will quote on it in a post tomorrow) – if a stimulus money is given to a system, should the system also be interoperable with patients and their families by giving them access to it?

• Doctors get the time they crave with patients – Article in the Seattle Post-Intelligencer – innovations in organizations with fully deployed health information technology include spending more, rather than less, time with patients. Good job, Group Health Cooperative!

• DCist: WMATA On Google Transit: “Not In Our Best Interest” – This is an example of the critical mass that can build around consumers wanting access to their data (in this case, the scheduling data of public transit) in different ways, once it is available in other places. Do I have to go to the WMATA Web site to do all of my transit planning, or can I use the built in application on my iPhone also? If other public utilities have already begun collaborating, shouldn’t ours? Aren’t there analogies in health care (I’m thinking “revolution of rising expectations“).

• California Health And Safety Code Section 123148 – Limits on sharing test result information with patients online – Text of the law in California regarding transmission of test results online. I referred to this in the article I wrote about sharing health information with patients.

• Disruptive Women in Health Care » Blog Archive » Cancer Schmancer – Quote: "Doctors are bludgeoned by big business health insurance companies to go the least expensive route of diagnostic testing. They are trained to think, “If you hear hooves galloping, don’t look for zebra because it’s probably a horse.” But if you happen to be a zebra, you’re in big trouble!" This is how doctors are taught to think, and if they don't have the tools / ability to listen to patients (time, technology, training), the likelihood that things appear to be horses increases.

Patient Accessible Electronic Health Records: Exploring Recommendations for Successful Implementation Strategies | Wiljer | Journal of Medical Internet Research –

Most participants agreed that access to the EHR is a fundamental patient right and that the implementation of PAEHRs should not be delayed.

There was also an important discussion and debate about when results should be provided—in real-time, after physician approval, or after a specified time delay. A balance must be struck between making the information available to patients in a timely fashion that supports self-managed care and patient safety so that patients are not unduly stressed by complex and ambiguous information. However, it is evident that the health care community is currently divided on this issue.

• Insurers Embrace Online Physician Visits, But Doctor Participation Slow To Catch On – iHealthBeat – “Aetna is agressively marketing the tool to its contracted providers” – some information about the support for patient-physician messaging in the fee for service sector. Also some information from Kaiser Permanente’s work. California Medical Association provides a distinctive perspective on change. See what you think. Why isn’t this catching on in the fee for service healthcare community? (Audiocast)

I received this query from fellow family physician, and now successful implementor of an enterprise-wide electronic health record, Matt Mulder, MD, who practices and works at The Everett Clinic, in Everett, Washington:

Hey, I am starting to toy with the idea of E Visits, and getting paid for them. I have heard of few other groups that are making these fly. From your travels, have you come across any fee for service group that is making these work. It appears some third party payors are paying for them – up to $35 per visit. Hope all is well, Matt

I had some ideas of people who I could refer this question to, but wanted to refer it to the readers here, for their ideas. Matt said OK to post here with his name and organizational affiliation. Do you know of groups who are providing reimbursed e-visits and how is it going? Patient, staff, doctor perspectives are welcome…

Let’s help Matt support a patient-centered, results-only patient experience. Please post your ideas in the comments.

Congratulations to the patients and staff at The Everett Clinic on completing their EHR implementation – I see that they now have a link to “My Medical Record” at The Everett Clinic. Great job! Let’s see if Matt can also tell us how that part of things is going…