Last week I ran a panel about the future of U.S. health care. Most of the discussion, as requested by the conference organizers, was around health care costs, the promise of medical records and the like. But one of the questions that came up on a card from the audience was:
"What needs to be changed [for me to] have my records? Why can't I own my own records?"
In theory, nothing needs to change. You just need to better assert your rights -- and the institutions around you need to recognize them.
But in practice, it can be near impossible to get your own data. The assumptions are all wrong. For example, I have posted my full genome online, but I couldn't get most of my health records to go with the genetic data. The institutions I talked to for my records did not feel the obligation to respond.
In many ways, it's an issue of expectations. Most consumers don't think to ask, just as, long ago, they didn't ask for online banking or for a way to manage their own contacts online.
Into the breach comes HealthDataRights.org, a new advocacy site that launched June 22.
Their basic statement is:
In an era when technology is allowing personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable.
All people:
- Have the right to their own health data.
- Have the right to know the source of each health data element.
- Have the right to take possession of a complete copy of their individual health data, without delay, at minimal or no cost. If data exist in computable form, they must be made available in that form, without delay, at minimal or no cost.
- Have the right to share their health data with others as they see fit.
It's a great start -- though I would call it "Health Data Rights Beta Version." I see it more as a discussion generator than as the final word, though perhaps you could say that for the U.S. Bill of Rights as well.
The first thing I would add is a right to challenge the data: You can't simply erase it; doctors and others have rights to the data too, but can append an explanation -- like Wikipedia with the editing visible. Whatever!!
You can read more here, along with a lengthy FAQ.
Disclosure: I was peripherally involved in its creation, and I have signed up as an endorser.
The implications
It's stunning how remote this issue of user rights to data is from all the current debate about health care in Congress and the White House. Personal health records are seen as a vector of efficiency and cost-savings for institutions, a mixed blessing for doctors, and the patients often aren't even mentioned. As the Obama campaign can testify, once you get people online, anything can happen -- and it's not just efficiency!
As I see it, there are two broad (related) problems in health care:
The first is that we as a society are not paying for (and incentivizing) health; we are paying for health care. The flows of funds and the institutions are aligned for the wrong goal. (Well, employers as payers care a little about health as well as health care, but not enough.)
Second, the entity that really does care about health -- the individuals themselves -- are underinformed and disempowered.
With enough meaningful information in the hands of individuals, we can address the second problem directly. And I don't necessarily agree that this is the single most important point in fixing health care, but it's a good start. Good health (not just health care) starts with individuals managing their own health and understanding the impact of their own conditions and behavior.
Ultimately, we may get informed public/patients to understand enough to address the first problem, with their own money and expectations -- and with votes.
The HDR site has an extensive FAQ; here are some Q&As of my own:
How should all this happen?
The best analogy is what happened with financial data. It was kept in silos; it was obscure and hard to get at. Then along came Quicken (and other user software, to be sure). Suddenly the banks' data vaults opened up. Eventually almost all financial institutions let users get hold of their own information and (gasp!) even to aggregate it by themselves. Now there are online services that help users manage their own information, consolidating bank accounts, stock accounts, credit card information and other data. They can massage their own data, and they can compare their own financial metrics to other people's (mostly in aggregate) if they wish.
Unfortunately this didn't stop the subprime mortgage crisis, but perhaps if people had the expectation not only of access to information but of intelligibility, it would have.
I can imagine the same developments in medical information, and ultimately, the same need for intelligibility as well as access. Just as we are not required to hire a consultant to file our taxes, though we may if we want to, we should not have to consult a doctor to see our test results. Over time, online services as well as doctors will offer a variety of tools and personalized content to help us understand and act on our own data. And of course we will still consult doctors -- as much or as little as we want.
What about security?
What if someone else pretends to be you to get your data. Again, the best analogy is financial information -- which is reasonably secure, especially now that most banks are requiring more than just a password. Moreover, a typical thief would much rather get into your bank account than into your health record (despite some recent health care/identity theft stories. most medical fraud is not at the expense of individuals).
What should Obama do?
Of course, Obama doesn't control Congress anyway, and this issue is less about law than about practice. So Obama should use the bully pulpit: he should ask Michelle to try to collect all the family's health records, and talk about the experience!
And more -- beyond the beta:
Of course, there's much more to say, but I am delighted to see HealthDataRights getting the word out. It pretty much sidesteps the issue of privacy -- but the basic notion is that you control your own data and institutions should no longer use the excuse of privacy for denying you access. It is certainly possible -- and desirable -- for individuals not just to get their own data, but to control others' access to it.
By way of disclosure: I am on the board of 23andMe, which offers its members access to and intelligible data about their own genomes. I am an investor in PatientsLikeMe, which encourages chronically ill patients to collect their own data and share it with patients like them, and also with pharma companies who support the site in exchange for access to the data. And finally, I'm a research subject for the (nonprofit) Personal Genome Project, which means I have posted my entire genome plus a pitifully short medical history online; I am also on the PGP's board.