Historically, the American healthcare delivery system has rewarded providers for the number of patients seen and procedures performed. For example, seeing twice as many patients in a day resulted in more income for providers; and admitting more patients to a hospital enabled the hospital to collect more money. Today, the American healthcare delivery system is transitioning from a volume-based approach to a value-based approach. As this transition progresses, providers will be increasingly rewarded for the quality of care provided as measured by patient outcomes; ePatients are one of the major forces driving this transition.
This Column, Part III, is the third of a three-part series dealing with ePatients and implications for nursing. Part I of the series described the concept of ePatients. ePatients are equipped, enabled, empowered, and engaged in their health and healthcare decisions. They use the internet to gather information related to their health, they use electronic communication tools (including Web 2.0 and Web 3.0 tools) in managing their health. Part II explored the role of the United States (U.S.) Federal Government in empowering ePatients. This column, Part III, points out that there is still much work to be done, and calls on nursing to play a leadership role in ensuring the empowering of ePatients.
What are the Problems?
The U.S. Federal government, through HIPAA, has guaranteed that patients have a right to their health data. Both the electronic health record requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), and the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) are providing financial incentives for hospitals and doctors’ offices to provide that data. With these laws in place, why would there be any problems for patients who want to access their health data? Actually, there are currently several remaining problems. Examples of these problems include:
- The lack of interoperability, in cooperation with Murphy’s Law, can make it impossible for many patients to effectively access their personal health data
- Patients can be denied access to data collected through medical research
- Patients are denied access to data collected via prescribed medical devices
After exploring these problems, this column raises the question: As an advocate for patients, what is the role of nursing in ensuring that patients have access to their data?
The Lack of Interoperability in Cooperation with Murphy's Law
Murphy’s Law states that "anything that can go wrong will go wrong." Several examples of how Murphy’s Law plays out within a health care system with poorly planned and implemented information-access procedures developed by healthcare institutions, such as hospitals and physicians' offices, are presented on a web site maintained by the National Partnership for Women & Families and titled GetMyHealthDate: Patient Stories (n.d.a.). The site also includes some bright spots. I strongly encourage you to check this website listed below in the References and to read these patient stories for yourself.
The National Partnership for Women & Families, a nonprofit, nonpartisan 501(c)3 organization, focuses considerable effort on influencing policy and legal issues that impact women’s health and working conditions (National Partnership for Women & Families, n.d.b.). As part of that mission they have taken a leadership role in ensuring that patients can actually get their personal health data, believing that “consumer demand for their digital health data will position patients as equal partners in care and create fundamental change in the healthcare system" (National Partnership for Women & Families, 2015, para 4). In this leadership role, they are coordinating the 'GetMyHealthData' campaign.
The GetMyHealthData campaign is a collaborative effort of consumer organizations, healthcare experts, former policy makers, and technology organizations that believe consumer access to digital health information is essential both for better health and for better care. One of the organizations participating in this work is the Alliance for Nursing Informatics www.allianceni.org.
Patients' descriptions of their frustrations demonstrate the difficulty they have in obtaining bits and pieces of their health record. In no case is a patient trying to obtain an accurate comprehensive healthcare record. In our current, fragmented, healthcare system the concept of a comprehensive and accurate health record is only a concept. It is not even close to being a reality. This is of course understandable given the fact that the American healthcare systems have evolved as a patchwork of services offered by a wide variety of profit and not-for-profit organizations. Examples of these organizations range from large, multinational, pharmacy companies to small, storefront, free clinics. Competition within and between these many players has led to additional fragmentation.
An excellent example of how this fragmentation is seen from a patient’s perspective is detailed in an article titled, “A Patient’s Perspective on Health Information Management,” by James H. Lytle, EdD (2017). Dr. Lytle is a patient with Parkinson’s disease (PD) who receives his medical care from a large academic medical center with an EHR. However, because of the complexity of the healthcare center only a subset of his healthcare team has access to the information within his EHR. In many cases, he was the person responsible for ensuring communication between these various professionals.
As health professionals well know, PD can provide a patient with a number of surprises, so it is interesting to note that Dr. Lytle has written: "What has most surprised me since my diagnosis is the disconnect between providers who have responsibility for my well-being, my health information records, and the stance of my care team" (Lytle, 2017, p. e11). He goes on to explain thus: "As I think about it, I’m struck that the health care record system, at least the one I have access to, is designed as an accounting, marketing, liability protection, departmental control, and communications system, but not as a comprehensive and responsive information system" (Lytle, 2017, e12).
Patients Can Legally be Denied Access to Data Collected Through Medical Research
Individual’s rights under HIPAA to access their health information applies only to the information in the designated record set. “The HIPAA privacy rule defines the designated record set as a group of records maintained by or for a covered entity that may include patient medical and billing records; the enrollment, payment, claims, adjudication, and cases or medical management record systems maintained by or for a health plan; or information used in whole or in part to make care-related decisions” (AHIMA, 2011). This definition is important when discussing the complex question of when and how participants in medical research can be denied access to test results performed as part of a research study.
The Johns Hopkins Medicine Institutional Review Board (IRB) maintains a web page titled HIPAA Questions and Answers Relating to Research. On this page they furnish their response to the question: Do the HIPAA requirements allow for participants to request a copy of any structured interviews they completed/responded to as part of the study? The question regarding the results of research laboratory tests was answered with the following statement: We are taking the position that a research record is not part of the “designated record set” and that only information that is entered into an individual’s medical record during the course of the research would be part of the “designated record set” (Johns Hopkins Medicine, n.d.).
The National Institutes of Health (NIH) has commented on this issue in responding to the question: What does the HIPAA Privacy Rule say about a research participant's right of access to research records or results? The answer provided is limited to a clinical trial. In their answer, NIH explains that if the research results are being maintained in the medical record of the individual that is used for their diagnosis and treatment or in their billing records, the individual’s access to the information is covered under HIPAA. However, the patient/research participant can be denied this information until the research study has been completed (National Institutes of Health, n.d.). If, however, the personal health information from the research is maintained by the researcher in files that are separate from the medical records, HIPAA access rules will not apply.
Patients Can be Denied Access to Data Collected via Prescribed Medical Devices
Medical devices are defined and regulated by the U.S. Federal Food and Drug Administration (FDA). Any device that is used “in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease” is a medical device (U.S. Federal Food and Drug Administration, 2014, para 3).
For the purposes of this discussion, we are going to focus on one particular medical device, the implantable cardioverter defibrillator (ICD). However, the situation described below could occur with any medical device that is used to collect personal health information by the company that manufactures the device. Some well-recognized names of companies that manufacture ICDs include Medtronic, Boston Scientific, Abbott (previously St. Jude Medical), and Biotronik. These devices not only deliver an electrical shock when needed, but they also collect information for the company about the device, as well as information about the cardiac status of the patient. Some of these data are then used to prepare a summary for the physician.
Although these companies are collecting personal health data, they have resisted sharing these data directly with patients. In the past, that section of the company involved with ICDs was not considered a ‘covered entity' or business associate as defined by HIPAA regulations (HealthIT.Gov, 2005; Medtronic, 2015); nor were the companies interested in providing this information to patients (Campos, 2015; Marcus & Weaver, 2012). In the references cited they provide several reasons for their resistance to providing this information to patients. For example:
Medtronic says federal rules prohibit giving Ms. Hubbard's data to anyone but her doctor and hospital. "Our customers are physicians and hospitals," said Elizabeth Hoff, general manager of Medtronic's data business. Medtronic "would need regulatory approval to give patients the data," she said. It hasn't sought approval because "we don't have this massive demand,"(Marcus & Weaver, 2012, para 5).
However, an additional reason could be the marketing value of these data, in that some companies, including Medtronic, are pushing to turn the data into money. Ms. Hoff said, "the company is contemplating selling the data to health systems or insurers that could use it to predict diseases and possibly lower their costs” (Marcus & Weaver, 2012, para 6).
Although these companies were not interested in sharing personal health data with patients, there are patients who are interested in obtaining these data and with good reason. One example is that of Hugo Campos, who, with a great of personal effort, money, and technical expertise was able to capture the needed data. Using that data, Hugo determined that in his case Scotch whisky was a trigger for atrial arrhythmia. For a patient with a chronic heart condition that can lead to sudden cardiac death, this could be lifesaving information. To quote Hugo: “Cardiac device data are as important to heart patients as blood glucose data is to self-monitoring of diabetes mellitus patients” (Campos, 2015, para 11).
In response to these types of issues, the FDA (2016) released a draft document titled Dissemination of Patient-Specific Information from Devices: Draft Guidance. At the beginning of this document, the FDA points out that this document "Contains Nonbinding Recommendations -Draft - Not for Implementation. “In general the document supports, but does not require direct patient access to such data.
Although not generally required under the Federal Food, Drug, and Cosmetic Act (FD&C Act), manufacturers may share patient-specific information (recorded, stored, processed, retrieved, and/or derived from a legally marketed medical device, consistent with the intended use of that medical device) with patients at the patient's request, without obtaining additional premarket review before doing so (FDA, 2016, p. 4).
The comment period for this document ended August 10, 2016. As of the date this column was accepted for publication, no final rule or additional information had been provided by the FDA.
Conclusion: Nurses Need to Empower ePatients
The days when the nurse did everything for patients that patients could not do for themselves have long passed, if those days ever existed. Rather than do for the patient, we must now empower the patient to work with us as colleagues and peers in identifying and managing their health. As professionals we are responsible for our own practice, but the patient and their selected representatives, (with rare exceptions) have the final responsibility for decisions related to their own health. Within our scope of practice we must now move to proactively embrace the responsibility for ensuring that patients have easy access to information that is relevant, timely, and presented in forms that can be understood by each unique patient.
Ramona Nelson, PhD, RN-BC, ANEF, FAAN