Home

Privacy is Contextual

posted by Cindy Throop on October 31, 2009

A couple of times in the last week, the issue of health data privacy come up. Privacy is a really important issue. Usually. As a researcher, I regularly sign documents promising to keep the data I work with confidential. I have spent many hours deciding which pieces of data to remove from data sets before they are released publicly.

Mobile Health (mHealth)

(Mobile, or mHealth is public health practice supported by mobile devices such as phones.)

In theory, privacy is incredibly important, but in practice this is not always the case. I heard (secondhand) about a question from the audience at the mHealth conference the other day. Someone was expressing concern about how personal health data is being transmitted via text message in developing countries. What about privacy issues?

photo_by_wayan_vota
(photo by Wayan Vota)

The (very unofficial and unscientific) consensus at the mHealth tweetup (which I did attend and the people I was talking with were doing work in developing countries) was basically this:

People are dying. What is more important...saving lives or privacy?

Privacy is a concern and certainly, must be addressed to the degree possible. At the same time, it shouldn't bring innovation to a screeching halt. I look forward to talking more with Michael Downey from OpenMRS about how context affects privacy concerns in international health development work.

It will be interesting to think through issues of privacy from an international perspective and how that compares to how the issue is perceived and dealt with in the U.S.

Comments

Privacy as value exchange

Submitted by @IT_Innovation on November 7, 2009 - 8:47am.

Many privacy discussions center on policy and technology to protect privacy. We need such discussions. But what if we turn the discussion upside down? Instead of approaching privacy as something to lose, we examine what is to be gained.

Let me explain.

Some 15 years ago I signed up with Yahoo for an e-mail. I was willing to let Yahoo, then an emerging company, have access to (store on their servers) my most private communications in exchange for a free e-mail account. I was willing to exchange a level of privacy for value. The point is that we trade privacy for value on a daily basis.

Patient centered healthcare and electronic Health Information Exchange (HIE) presents a similar opportunity. Much of the privacy discussion regarding HITECH 2009 and the Health Care Stimulus package is centered upon protecting privacy. Great. But we should also allow patients to exchange privacy in return for benefit. Subsequently, the exchange of Electronic Health Records (EHR) required by 2015 should be seen as much more than transmitting data for healthcare providers to claim Medicare and Medicaid payments.

Instead, there is a huge opportunity for consumers. Imagine. All our EHRs from the wide variety of providers we may see over a lifetime aggregated in one place. Patient access to such information can inform our personal healthcare decisions. The result is the potential to drive increased quality and reduce costs.

Yes, let’s protect privacy. But let’s also consider the value of exchange that is inherent in privacy.

Can we get it together?

Submitted by David Collin on November 8, 2009 - 3:19pm.

2015?! It just dawned on me how far in the future that is! By then the whole picture of technology, health2.0, patient participation, decision tools will have moved on a long ways. Unless the EHR developers make very insightful design decisions I have a hard time seeing how health records from the "mainframe" mentality of traditional medicine will interface with personal records. Unless allowance is made for easy APIs for patient or consumer data I expect that EHR and PHR will be on such different tracks they may never get together.

Policy Matters in Interoperability

Submitted by @IT_Innovation on November 8, 2009 - 5:54pm.

David, there are interim deadlines to the federal 2015 mandate. Meanwhile, cash incentives start flowing in 2011 for providers to demonstrate "meaningful use" of EHR. Fines follow incentives. I am not certain that I am interpreting the literature correctly. However, it appears that business standards for interoperability will be prescribed but specific technology will not. http://tinyurl.com/n4tcbr

The challenge of bringing EHR and PHR in alignment I believe is more a policy question than it is technology. Currently only a handful of the operational health information exchanges allow patients to access their EHRs, according to a survey done by http://www.ehealthinitiative.org/.

We need to change this. National standards should require that designated Health Information Organizations (HIO) be able to provide online self-service to patients. Thus, personal health records (PHR) would be populated from the data aggregated by HIOs instead of millions of consumers banging away at keyboards trying to create a PHR from scratch.