Private Health Records and the Health URL: A patient-centered care team approach to health information management

 

July / August 2007

Private Health Records and the Health URL
A patient-centered care team approach to health information management

By Adrian Gropper, MD

Older, more active, more mobile, and more sophisticated healthcare consumers demand an ever more diverse healthcare team. Specialty hospitals, retail clinics, networked home care devices, house calls, health advice Web sites, and medical tourism represent the leading edge of innovation in healthcare delivery. Yet, the current, first generation of electronic health records (EHR) continues to focus on information capture and workflow within a particular medical practice as it moves to paperless processes. The drawbacks of this institutional focus are now becoming apparent. Today’s EHRs force all physicians in a practice to use the same tools and user interface. At the same time, they can make communication among unaffiliated members of the healthcare team even more difficult than the paper and fax they aim to replace. As current EHRs struggle to meet the growing expectations of an Internet-savvy public while controlling user interfaces, logins, database structure, and external interfaces, they confine the customer and hamper innovation in both treatment and business methods.

This continuing focus of EHRs on the practice instead of the patient limits healthcare delivery as well as evaluation of outcomes, patient safety, and payment. First, it is increasingly difficult to get a complete picture of the patient’s situation, as many members of the care team are affiliated with different and sometimes competing institutions. For the chronically ill, health coaches are increasingly sought as arbitrators across uncoordinated providers isolated in their own information silos. Objective evaluation of outcome, and therefore patient safety, also suffer from a lack of patient focus. Practices are justifiably reluctant to release information that will be used to compare them to other practices and could put them at a disadvantage in contract or pay-for-performance negotiations. In contrast, patient-centered private health records do not cause practices to release information to anyone other than the patient, and that release is already legally mandated by HIPAA. In contrast to information exchange through vast regional bureaucracies, sometimes called health information exchanges, private health records provide better outcomes measures at lower cost with fewer privacy concerns. Private health records are conceived as Internet-era bank accounts and ATM networks for patient-controlled information disclosure. Today’s user-centered, second-generation Web technologies and Web collaboration (Web 2.0) can now be applied to the problem of improving the quality and value of healthcare.

Support the Physician
For clinicians, the private health record would be just another technological feature of their practice management system or EHR. Private health records aggregate the important, authenticated (e.g. signed) information about a particular patient. Designed from the ground up with physicians in mind, private health records are a win-win-win solution for clinicians, payers, and patients.

Unlike regional provider-to-provider health information exchanges, private health records do not introduce new privacy annoyances to the physician because the patients themselves must authorize access beyond the practice. The patient-centered portability of private health records enables sophisticated providers to offer specialized consults beyond the limits of their immediate practice, operate retail clinics in the community, support advanced home care, and market health coaching to employers at risk for insurance costs. In this way, private health records can be a source of revenue to the practice that hosts them.

Private health records need not be tightly integrated with the EHR or practice management system. For example, previewing of private health records in a Web browser allows the physician to select relevant information before adding it to the EHR. As EHRs begin to support standard document formats, such as the Continuity of Care Record (CCR), the update of a private health record becomes a faster and less costly alternative to today’s letter to the patient or referring physician. Another simple integration, called single sign-on, allows the physician to sign in to the EHR and the private health record server at the same time. Single sign-on saves time in managing external communications while improving security by allowing users to link sensitive accounts together to a single, independent authority such as a bank or cell phone carrier.

Clearer Outcomes
Access to patient information aggregated over time and across all of the care team is essential to measuring the outcomes and objective value of healthcare services. Institutional EHR and ad-hoc health information exchanges do not provide a unified, neutral view of a patient. Insurance-based health records are out of the patient’s control. These have seen very low adoption and often require incentive payments to the consumer to counter their mistrust. In addition, physicians mistrust health records derived from claims because they know that claims are often manipulated by providers and patients alike. Truly private and independent health records will gain the trust of an insurer’s customer and enable the transparency that payers need to add real value as health advisors.

Competition for Trust
A private health record is analogous to a bank account. A bank account aggregates transactions with employers, landlords, and merchants, whereas a private health record aggregates transactions with hospitals, labs, and primary care practices. The defining feature of the bank is independence from the sources and destinations of money and the ability to move one’s assets from one bank to another at will. By analogy, an effective private health record is relatively independent of any single practice and can be easily moved from one host to another under patient control.

The analogy between banks and private health record hosts also predicts that both will compete for the trust of their clients. Although regulations play an important role in banking as well as in heath records management, the policies of banks are mostly the result of wanting to keep customers happy lest they move their account elsewhere. Private health record hosts will also compete on the basis of policies lest the patient decide to move his or her account to another host. Market-based competition on the basis of trust and service promotes innovation more efficiently than complex bureaucracies organized to control a regional “health information exchange.”

Health URL Basics
A Health URL is a structured and private Web site aggregating authoritative clinical information about a single person. Access to a Health URL is determined by a combination of three policies: the policies of the organization entrusted to host the Health URL account, the policies of the practice or caregiver that initially created a patient’s Health URL account, and, most important, the informed consent of the patients themselves. Google Vice President Adam Bosworth popularized the term Health URL in a December 2006 keynote address (http://services.google.com/blog_resources/bosworth_healthcare.pdf).

As with bank accounts, Web sites, and email accounts, Health URL innovation favors broad, non-proprietary and vendor-neutral solutions. Customer lock-in and unnecessary differentiation tend to lose in the marketplace as patients move their Health URL to hosts that offer the portfolio of features they value most.

The value of a Health URL can be assessed in four different dimensions: aggregation, physician usability, privacy, and portability. Aggregation refers to the ability to collect high quality information from many different sources with high reliability and low cost. Physician usability refers to the set of features that will encourage physicians to review the Health URL as a routine activity and update it with the latest information after each encounter. Clarifying privacy refers to effective and unobtrusive policies that enable each patient or his or her designated agent to control access to his or her health information. Portability of the Health URL from one host to another without disrupting physician and other users is essential for rapid innovation and competition.

Internet Collaboration
Much has been said about user-generated content, social networks, and the technologies that empower individuals by connecting them over the Internet. On the technology side, the term Web 2.0 is the name given to flexible, easily customized components, and services such as Google accounts, MySpace pages, and an armory of simple software tools.

Four Health URL Basics

Aggregate Information from providers and the patient to one Health URL.

Support the Physician HIPAA compliant, FDA registered, diagnostic imaging, digital signatures, single sign-on.

Clarify Privacy Access authorization is a combination of host policy and patient consent.

True Portability enables a Host URL to be moved from one host to another without disturbing access from any practice.

Health applications and the Health URL represent the most private extreme of the user-centered Web 2.0 vision. Each physician, consultant, lab, EHR, or practice management system will connect to the Health URL designated by each patient. Per Web 2.0 practice, the Health URL itself will be constructed by a combination of interoperable services, standardized documents, and lightweight, easily accessible components.

Health URL services will evolve rapidly through the crossover of advanced Web commerce technology to healthcare. Two major problems with large scale Internet collaboration are 1) control of one’s privacy in the face of increasingly powerful search engines and 2) managing passwords that are easy to remember, hard to guess, and never shared with anyone. The privacy and password problems are related through the concepts of digital identity and single sign-on. A unified technology called federated identity management has evolved, outside of healthcare, and currently supports millions of accounts worldwide. Federated identity management standards control the discovery of a Health URL, routing to it, and transfer of information from it through methods similar to the way banks created a global ATM network. Applied to the Health URL, federated identity management puts the patient in control of who will be able to see a genetic test or psychiatric note while allowing for important and legally mandated public health and biosurveillance measures.

The single sign-on component of federated identity management reduces the need for multiple passwords by linking accounts to one or a few trusted identity providers such as a telecom carrier or bank. To authorized physicians, single sign-on means that they can access a patient’s private health records regardless of who is hosting that particular Health URL. Federated identity management technology promotes rapid innovation by enabling service providers to compete for private health record accounts on the basis of trust, features, and quality of service to the patients and their doctors.

Web 2.0 principles will also promote collaboration and specialization among the suppliers of health information technology. Vendors of EHR and practice management systems will be driven to adopt standards and to develop differentiated products for different clinical specialties instead of today’s enterprise-wide uniformity. With the Health URL as a given, physicians within the same enterprise or group will be able to choose workstations from different vendors and customize them as they see fit with the latest commercial and open-source components.

Clinical services will be deeply impacted by Web 2.0 principles and the Health URL. Trauma response, specialty consultation, chronic disease management, home care, and outcomes evaluation will increasingly compete individually for the opportunity to contribute to the care of a specific patient. The institution-neutral Health URL makes patient-centered collaboration possible through open, simple, and voluntary standards.

Patient Safety and Quality Healthcare

Figure 1 – A person’s Health URL as it appears in a Web browser along with scanned documents and diagnostic imaging.
(Click here to view a larger version in a separate window.)

Patient-Centered Health Information Management
The transition to the new generation of clinical information systems has begun. Rapid market acceptance of the Continuity of Care Record (CCR) standard for structured clinical summaries is evident. Vendors such as Adobe and MedCommons have introduced CCR-based systems that manage DICOM diagnostic images and digitally signed PDF documents. Finally, and arguably most important, consensus is forming around federated identity management to enable trust relationships among institutions while protecting the patient’s ability to control discovery and disclosure of their private information.

Health 2.0 Collaboration
Eighty percent of the healthcare cost is spent on 20% of the patients. Empowered patients and their relatives, online communities, home care services, house calls, retail clinics, specialty consultants, primary, local, tertiary, and specialty healthcare facilities span the spectrum of collaborators that minister to the chronic and seriously ill. As many as 10 of the collaborators may focus on helping one particular patient. Each of the 10 might have its own EHR, management, or personal software system, and each of these has a need to collaborate over a network with the others.

Web 2.0 technologies for collaboration among members of a patient’s care team will accelerate innovation in clinical services. Simple examples would include upload of clinical summaries in CCR format along with diagnostic radiology and cardiology scans to the patient’s designated Health URL. Examples are easy to come by: a retail clinic will document vaccinations; a primary care physician will keep the medications and problem list up-to-date; an MRI center will upload the patient’s scan; a knee specialist will download the scan and report his or her interpretation; a laboratory will make a 3-D model and digitize key measurements; a surgeon will download the CCR and models into his or her surgical system; independent agents will access the Health URL and generate outcome review questions for the patient and care team members; finally, the payer will aggregate outcomes and provide feedback on value added by the participants. The Health URL represents the patient’s most private persona on the Internet and enables the patient to control discovery and disclosure of their combined information without inconveniencing their doctors.

Conclusion
The Health URL is emerging as the essential concept of a patient-centered health information revolution. Any member of the care team can offer a Health URL to the patient or request access to a patient’s existing Health URL. Once the Health URL is established, the patient is, by definition, fundamentally associated with his or her Health URL. As with bank accounts and personal email domains, patients can choose to move their Health URL accounts to a different hosting agent and their private health records will remain intact together with its connections to specified healthcare providers.

Clinicians and other collaborators on a patient’s healthcare team can gain access to diagnostic quality and digitally authenticated images and reports in the Health URL with permission of the patient or his or her designated agents. Practice management systems and EHRs interact with the Health URL by coding relevant patient information into CCR format with DICOM and PDF references and implementing Web services and federated identity protocols already deployed in government and corporate networks. A new generation of Internet commerce and collaboration technologies allows healthcare providers to leverage their customers’ trust by combining their internal practice management systems with a patient-centered, independent private health record.

Continuing Care Community

  • Your 80-year-old father is accepted into a high-end continuing care community.
  • He is required to provide a complete set of medical records prior to moving in.
  • Father has a primary care physician, a neurologist, and a cardiologist — in three separate practices. He’s had an MRI recently after a suspected stroke as well as cystoscopy and chest x-rays. Each of these doctors have prescribed one or two medications.
  • The continuing care facility runs its own clinic, but you are responsible for purchasing the medications.
  • The continuing care facility has installed a Health URL Appliance and offers accounts to residents as part of the fee.
  • You create a Health URL account for your father using your own e-mail address for notification.
  • You print out records request forms and barcoded fax cover sheets for each of the three practices.
  • You sign the records requests under your healthcare power of attorney and fax them, along with the fax cover sheet to each of the three practices. A follow-up phone call is well advised.
  • Each of the practices returns their patient summaries either via fax or by saving a Continuity of Care Record (CCR) file directly to your father’s URL.
  • The primary care physician is affiliated with a large hospital that stores MRIs and radiographs in digital form on a picture archiving and communications system (PACS). They send your father’s MRI and chest x-ray to the Health URL using a free DICOM transfer utility downloaded from the Health URL Appliance.
  • You are notified by e-mail as each practice adds to your father’s private health record.
  • You sign in to the Health URL account and review the CCR, PDF documents derived from the incoming faxes, and even look trough the MRI. (Figure 1)
  • You “invite” the continuing care facility clinic to access your father’s Health URL.
  • The clinic’s nurse reviews the records and combines the prescriptions into a Current CCR for your father. This ensures a smooth transition to the clinic’s care.
  • Whenever a change is made to the medications or an encounter summary is generated, one of the authorized care givers updates the Current CCR. You are automatically notified by email.

Breast Cancer Worries

  • You are a 42-year-old woman, and your sister has just been diagnosed with breast cancer.
  • You are worried about your risk and ask your primary care physician for advice.
  • After some discussion, your doctor suggests a genetic test for BRCA1.
  • Your doctor explains that there are risks to having the results posted to your medical record and anyway, your heath insurance doesn’t cover the test. She points you to the National Cancer Institute Web page for BRCA1 (http://www.cancer.gov/cancertopics/factsheet/Risk/BRCA; June 6, 2007) for details.
  • Your doctor suggests you establish a private health record to get a personal Health URL. Their practice has recently installed a Health URL Appliance and you can use the Web terminal in the waiting room to enroll yourself.
  • On the Web site of the Health URL Appliance, you are greeted by a message from your doctor explaining his/her new private health record service option. The practice may sponsor your account or ask you to pay an annual fee.
  • You click “Register,” enter an e-mail address, name, date of birth, and home address. You pick a password.
  • You have established a Health URL. It might look something like:
    https://ccr.yourfamilyclinic.com/?accid=3478211945632109.
    An e-mail has been sent to you with this information.
  • At home or in the doctor’s office, you use a test lab Web site to order a BRCA1 Test Kit using your Health URL as the destination for the result. A shipping label is printed from the lab Web site with a barcode and blood sample instructions.
  • Your doctor draws the blood and sends the tube to the BRCA1 lab in your name using the coded label.
  • The lab sends the test result to your Health URL via a secure Web service. You are automatically notified by e-mail. You can choose to have your doctor notified automatically that a result is available as well.
  • You make a follow-up appointment with your doctor. Before the visit, you give the doctor permission to look at your private health record. You can revoke this permission at any time by logging in to your Health URL account.
  • The doctor clicks your Health URL in his/her worklist or an e-mail notification. They review the test results in their Web browser and discuss your options.
  • Your BRCA1 test results are never entered into the practice’s medical records system and are not available to your employer, insurer, or anyone without your express permission.

Adrian Gropper is the co-founder and chief science officer of MedCommons. He is an entrepreneur and medical device developer with training as an engineer and physician. His most recent ventures include telemedicine and radiology PACS. His focus is on making computer-based tools more accessible to all physicians and health workers around the world. The Internet and collaborative Web-driven innovation methods inspired MedCommons as a patient-centered approach to healthcare that seeks to be equally useful to patients and physicians. Gropper participates in four standards groups (CCR, IHE, HITSP, Liberty Alliance) and still often finds himself the only voice speaking from the patient’s trust and privacy perspective in these forums. He can be reached at agropper@medcommons.net.