As I've mentioned in my entries about personal health records and my recent Dispatch from HIMSS , 2008 is an important year for personal health records that are linked to clinical EHRs, employer sponsored, payer based, and commercially offered. Yesterday, Google publicly announced their Google Health application which is the Cool Technology of the Week. A disclosure - I did serve on the Google Health Advisory Council over the past year.
The concept behind Google Health is that patients login to the Google application using credentials that are secure but not trusted. This means that anyone can set up a Google Health profile, but there is no specific assertion of identity. I can claim I'm Bill Clinton if I want to.
Once in Google Health, I can manually add information about my problem lists, medication lists, allergies etc. and get decision support about my conditions. However, it's unlikely that many people will enter their data manually. A much more powerful approach is self populate the personal health record based on standards-based connections to hospitals, laboratories, clinics and pharmacies. Cleveland Clinic was the first partner to support this connection. Beth Israel Deaconess will be a part of the next group of connections.
To self populate the Google Health record, a patient who has a relationship to one of the Google interfaced providers, just clicks on the icon of their hospital. That icon offers up to 3 links. In the case of BIDMC, we'll offer
Upload your records
Make an Appointment
Securely Email your Clinicians
If a patient clicks on Upload your records, they will be asked to login to BIDMC's Personal Health Record, Patientsite, using the secure credentials that have been issued by their doctor, validating the patient's identity. Once they sign a consent, they will be given the option to initiate an upload of problems, medications, allergies and laboratories into Google Health. The patient initiates this transfer, with their consent, after understanding the risks and benefits of doing so. Once the data is in Google Health, the value to the consumer is expert decision support, disease information, and medication information based on the patient's data.
There have been several articles about the Google/Cleveland Clinic pilot and Microsoft Health Vault/Mayo pilot noting that none of the organizations have signed HIPAA business associate agreements with each other. The reason for this is that Google and Microsoft are not HIPAA covered entities or business associates. Their products are just secure storage containers used by the patient, like a flash drive. The patient can delete the data at any time, apply privacy flags, print the data, and add to the data. Since the patient is in total control, there are no covered entity or business associate issues.
As part of the Google Advisory Council, I can tell you that many thoughtful people worked on the legal, technical, and policy issues around data use. Google will not advertise based on this data, resell it, data mine it , or repurpose it in an way. These consumer centric policies are similiar to the best practices adopted by Microsoft Health Vault.
It's important to me that in my role as chair of the national standards effort, HITSP, that I support all the major personal health record initiatives with interoperability. I've committed to Microsoft that BIDMC will work with Health Vault. I've committed to Dossia that we'll link with their Indivo Health platform. It's my hope that all of these efforts will converge to use one plug and play standard for clinical content and transport. Once they do, patients will be able to select the personal health record of their choice based on features, not just data.
No comments:
Post a Comment