28 June 2013
Shared Care Records and Privacy
We live in the proverbial interesting times when it comes to information. Never before has so much information about us been held, collated, analysed and shared. A couple of decades ago, a trip to the shop would have left a fleeting memory in your shopkeeper’s mind and a dent in your bank balance. Now it might leave records of parking payments, EFTPOS transactions, loyalty card purchases, mobile phone calls and security camera footage. We are tracked and traced in our day-to-day lives like never before.
And, mostly, we don’t mind. Because it’s convenient. Each piece of information is individually trivial, the thinking goes, so who cares? Of course, that’s not the full picture – even ‘trivial’ information about a person can be used to create a very accurate picture of them just as thousands of brush strokes make up a painting. But we are mostly willing to accept convenience in exchange for giving out those bits of trivial information.
But health information is definitely not trivial. It’s valued in a way that, say, our supermarket shopping lists are not. And it’s important; my doctor not having accurate and up to date information about me might put my life at risk.
But it is still just information. And computers don’t care whether the information they are processing is a heart scan or a holiday plan. So we can ask: why isn’t my health information as simply and readily accessible as my bank balance? Why, if I break my leg on a holiday, doesn’t the local hospital have information specific to me? How can I be sure my health information will be kept safe from hackers and nosey parkers? Why isn’t our health information more convenient?
One way to achieve the right balance of safety and convenience is to have an electronic summary record of care, a shared care record. There are a number of obstacles in the way.
The first difficult issue to resolve is that the health sector is vast and various. There are Ministries, DHBs, PHOs, GPs, specialists, NGOs and patients who all might have a claim on a given piece of health information. Managing the flow of information between these groups is not something that can just be imposed from above; it has to be developed from the ground up. Trying to impose a solution by fiat can lead to expensive fiascos like the United Kingdom’s 12 billion pound failure of a shared care record.
Instead, in New Zealand, we are seeing the development of a range of different systems that hold only the information from, say, a Wairarapa GP’s system that an Emergency Department in a Southland hospital might need. These systems are, mainly, being developed regionally.
And this is important because the second big issue to resolve is trust. People trust their GPs deeply, but that trust doesn’t necessarily extend to the hundreds of thousands of people who have access to the National Health Index. In turn, if GPs are to assuage their patients’ concerns then they need to trust that other parts of the health sector are only seeing that information for good reasons. All these trust relationships form a web. If the web of trust expands too quickly or too wide, we risk breaking it.
To keep that web of trust in one piece it’s important that the people that health consumers trust most, their GPs, are involved from the start. Not getting the GPs on board from the start with the UK project was, I’m told, one of the major reasons why it failed. If GPs know why the information is being shared, and with whom, they can talk through the confidentiality issues with their patients.
A topic that might come up in those discussions is “opt-in” vs “opt-out”. Opt-in, where patients explicitly sign up to a shared care record, provides the greatest protection. But it also severely limits the usefulness of the record, because only a fraction of patients are going to sign on. Checking a shared care record for allergies and current medication is not going to be a good use of an ED doctor’s time if there’s only a 1 in 10 chance it has any information on it.
Opt-out, by contrast, puts people on the record without seeking their permission but lets them remove themselves at any time if they want to. This leans heavily on patient trust in the GP, since it is GP information that is used to populate the record. It also means the GP may be left holding the can if it goes wrong.
Behind all this is control. Privacy is about giving people some control over their own information in the face of technological developments that threaten that control. Shared care records have a lot of health benefits but they also change the balance of control, because information that was safely in the care of the GP’s computer system is being sent outside that system.
Of course, external access to a shared record in a non-emergency setting needs permission from the person or their representative, so there’s some protection there. And electronic records show who has been accessing them, so there’s potentially a huge increase in transparency when people are able to audit their own records.
To keep the balance of control in the right place, GPs need to have a clear idea about what patient information is being shared. They need to take steps to keep their patients informed, with posters, brochures, and face-to-face discussions so they can keep patients’ trust. All that said, I do think that some kind of shared care record is, in time, inevitable. And I’m cautiously confident that, with the right amount of care and foresight, the times we’ll end up living in will be the good kind of interesting rather than the other sort.