By Dennis Sutterfield, VP & CIO, SUNY Downstate Health Sciences University
Healthcare organizations need an explicit plan for sharing PHI that provides a foundation of trust for patients while simultaneously inspiring confidence for clinical teams. This plan meets a federal requirement and adheres to a “more is better” logic. Specifically, when patients have access to their health data as soon as it is available, it makes their lives better. This is technically challenging. The plan is often tiered with sharing of patient data at a local, regional and national level. This simple concept combines vital aspects, like access and integrity, of any good process. Most importantly, it requires bi-directional trust, which has proved to be as difficult as any technical or regulatory requirement to achieve. Trust occurs over time. It also requires revaluation over the course of a relationship. Signing a one-time consent to allow your personal data to be shared, that is legal in nature, is a form of an ongoing relationship but in and of itself, not the basis of one that on its own inspires longitudinal trust. How are the most successful healthcare organizations incorporating ongoing patient feedback and education as to how their data being shared is adding value to their healthcare journey? Do patients extend the trust they have built with their local healthcare providers to everyone else getting access to their data? Do they even understand this is occurring? Why is an educational component not linked to the mandate to share patient information? These are some of the questions we faced that need to meet these requirements or else be penalized. It is a lot to juggle.
The race to interoperability remains fast-paced and complex. Much focus remains on the how and what and perfecting compliance.
Data Sharing Vision
Understanding that visions are conceptual, the simple vision for any healthcare organization is the patient is at the center of all they do. This premise should govern all decision-making. In everything done, the intent is to make patients’ lives better. However, for this to be successful, there must be a clear understanding and ongoing process for patient feedback. Part of any vision is the messaging component. Data sharing is very technical in nature and hard to message at the concept level. Internally, this has been a struggle to accurately educate leaders on the concepts and talking points. Sometimes, because of this complexity, not much messaging and/or education has occurred. Also, many organizations have emphasized the technical proficiency of meeting all data sharing requirements first. Understanding how or if this is making their patients lives better has been addressed secondarily or not at all. Many organizations have a Patient Experience office. In the race to share with a patient as much of their health information as possible, this office has felt the pain and frustration of patients that are confused and upset. The lack of messaging and education to internal staff make these conversations with patients awkward and frustrating. Instead of helping, it escalates their concerns. Trust is affected.
Patient Rights and Patient Education
What do we want to teach and help our patients better understand? How is access to their patient data helping their healthcare journey? These are difficult questions to answer at a granular level. For example, one area of complexity is that we don’t have a unique patient identifier. This has been codified in federal law. We’re not allowed to have a unique patient identifier across the US. What we have is called a master patient index (MPI). And in that MPI, someone assigned an MPI number to you, which is unique, but specific to this system. It does not translate to other systems within a healthcare organization and it is not easily shared with outside organizations unless they use that same system. The local or state HIE that exist try to do the best job possible, but again, there is no global identifier to give an overall picture of what care looks like based on movement around the US. This is very confusing to patients and even to some providers. They have been told their personal information is being shared, but their provider says they do not have access to it. They then, of course, want to know who is seeing their info without their knowledge. These are the calls fielded daily by physician offices, EDs, or anyone patients think can answer the question of “why is this not working for me”? Trust feels broken. Depending on your setting and patient population, there is an innate fear and distrust of technology. Also, in some cultures, talking to the doctor is a social event. Patients receive rides, perhaps a meal and a chance to interact with others when they may live more isolated. They want and need personal interaction as it provides comfort they don’t understand well. This has to be considered and programmed for as well. In this example, we should be asking “if this enhances of patient’s lives” more often and then mapping that back to how we educate and then respect their rights. Sometimes, they may not feel a government mandate is in their best interest. How is that being addressed at the macro level?
Internal Ownership/ Governance/Controls
Mandates in healthcare get the attention of senior leaders. They too can find dollars for internal investments to meet the mandate. Cross-functional groups are convened quickly and easily at first and plans are crafted to become compliant. Rarely does the planning of how to meet the mandate include long-term understanding and investment of people, processes and systems. Fiscal penalties are strong motivators but often do not drive long-term revenue growth. Once an organization becomes compliant, interest wanes. The transition to support is just expected. But in solving this mandate, you have created yet another program that needs ongoing leadership, tuning, funding, monitoring and surveillance. Organizations then see this as a burden instead of optimizing how it can add value to their patient’s lives.
The race to interoperability remains fast-paced and complex. Much of the focus remains on the how and what and perfecting compliance. Much more of the discussion needs to occur on how this adds value for our patients, how are their rights being considered (other than HIPPA compliance) and how organizations build the infrastructure needed to support them ongoing. As trusted advisors, data sharing and its value should be much easier to understand and explain to all involved with tangible and measurable results of reliable improvements. It is a fantastic problem to solve.