Patient Privacy

By Aaron Miri, CIO, The University of Texas at Austin

A few weeks ago, my 4 year old daughter was receiving her annual flu shot and a routine primary care checkup. Much to my surprise, the front desk staff mentioned a much higher deductible than what I had anticipated. When questioned, they had gotten her mixed up with another patient being seen at the same time. Had I not been a healthcare delivery “battle trained” professional, I would have shrugged it off as a common mistake. However, this mix-up is such a common issue within the industry that studies have shown on a daily basis that up to 700 patients a day are negatively affected. Based on New England journal of medicine study.

Imagine that, in our privacy obsessed world, we have convinced ourselves that it’s okay to accept 700 or more people get to be impacted daily and that’s simply the cost of doing business. While I’m the first to preach the notion of – “Don’t be Creepy with your technology”, there’s got to be a better balancing act between the importance of patient privacy and patient safety. Numerous organizations such as HIMSS, CHIME, AHIMA, The Pew Charitable Trust, and others have said the same thing and offered numerous facts and white papers.

In an industry where we are blanketed with exhausting marketing lingo of the potential promise of blockchain, how artificial intelligence will one day take over the world and lead us to the promise land, or industry proclamations of a patients social determinants of health data should be the new gold standard treatment purposes – why is it that we can’t simply protect a patients information? The answer is unfortunately, a complicated one and lies within process and communication and not necessarily technology.

In a previous life, I had the fun opportunity to co-lead a clinician/patient experience team, where we got to rapidly iterate on solutions to help on both provider and patient satisfaction. Amazingly, each idea started as a “we need better tech” and ended up turning into “we need a better process.” In one specific example, we needed a way to better handle transitions between levels of care within the hospital, such as a patient moving from the ICU to a Med Surg unit and so forth. The solution was a simple secondary color-coded armband, not to be confused with the primary arm band received during admission, that followed the patient so that when a member of the staff wheeled the patient to a new area, an appropriate color color-coded armband was printed up, and was placed on the patient in that unit. This way during report or any huddles and rounding, you quickly could assess that the patient was in the right area and someone had received appropriate hand off. What we saw was an immediate improvement in physician and patient satisfaction and the cost was a simple low tech solution that while yes it did involve some elements of patient information on an arm band it helped mitigate the risk of wrong site surgeries, patient mix-up, adverse medication consequences, etc.

There is tremendous potential with an organizationally weighted and common sense tradeoff between patient privacy and patient’s data. You may be asking – why were you successful in this and how did you as the CIO convince anyone worried? The answer is simple: transparency. The organizational performance data we were looking at showed clearly we needed to do this and in transparent conversations with the staff and with the patients, this paid off because it was a focus on patient safety.

While health systems are the custodian of the patient owned data, more must be done by the healthcare delivery systems of the 21st century to find their common sense patient information trade-off “wins” and share the patient safety power of common sense discussions openly. If you look at the language of the 21st Century Cures Act signed into law a few years ago, it’s clear that this was part of the intent, which was to help transparently empower patients with their information.

Take another example of mine from a previous life; when some newborns come into this world they aren’t named during delivery for a whole host of reasons. Often the baby is nicknamed “baby boy Jones” or “baby girl Alex” or whatever may be the case. With our melting pot of a society, you can imagine easily how there may be numerous Baby Boy Jones at a time in a NICU. In order to mitigate the risk of a wrong patient identified, it took a small army of health professionals to match common demographics in order to ensure correct patient identification. A mistake here could easily be fatal to say a very sick neonate. Why do we continue to be ok with this risk and not further mitigate it with common sense approaches? In fact, the issue is so prevalent that the ECRI Institute found that in one study at a healthcare provider, the rate of pediatric misidentification was as high as 20.4% Click here (PDF) for full study.

While we as an industry must do a much better job in complete transparency to our patients, holding our vendors accountable for any 3rd party data access and use, and ensuring we continue to communicate with our lawmakers; it’s up to all of us to unite together and collectively ask how do we advance patient safety and not let fear stand in the way of advancing a better way of patient care.


Share now: