Latitudes and longitudes

The U.S. health care community is not alone in its struggles with privacy, standards and other challenges to the health information technology agenda

As countries worldwide start to develop national electronic health record (EHR) systems, the hope is that those systems will help eliminate medical errors and save lives as well as increase efficiency. Yet countries face common challenges with policies, standards and technologies.

E-health leaders — and industry vendors — believe they can find common solutions to what they see as global rather than national challenges.

Dr. David Brailer, national coordinator for health information technology at the Department of Health and Human Services, said he agrees that the challenges facing health care IT are indeed global, and the United States can learn from other countries.

The nation, Brailer said, "can learn a lot about technical architecture" from the Connecting for Health project of the United Kingdom's National Health Service (NHS), which awarded contacts for a nationwide e-health system two years ago.

Dan Garrett, vice president and managing partner of Computer Sciences Corp.'s Global Health Solutions Division, which has a $1.7 billion contract from NHS to provide an EHR system in the North West and West Midlands regions of England, said he agreed, adding that countries working on EHR systems "don't have to reinvent the wheel."

The United States, for example, is interested in developing a patient identifier system based on a master patient index rather than unique health ID numbers. This concept, new to many people here, is old hat in New Zealand, which has had such a system in place for two decades, said Debbie Chin, deputy director-general of corporate and information at the New Zealand Ministry of Health (see "Master index pitched as patient ID alternative").

But the exchange goes both ways.

Dr. Ian Reinecke, chief executive officer of Australia's National E-Health Transition Authority (NEHTA), funded and backed by the Australian federal, state and territorial governments, sees definite similarities between the United States and Australia in the need for both governments to develop standards and define terms of EHR interoperability.

Both Australian and Canadian health IT experts would like to follow the example of the United States in licensing a standardized clinical terminology database.

In 2003, HHS signed a $32.4 million agreement with the College of American Pathologists to license its Systematized Nomenclature of Human Medicine Clinical Terms database, and HHS plans to make the database freely available to U.S. health care organizations. Reinecke said Australia could take such an approach in developing what he calls a common language for health care.

Richard Alvarez, chief executive officer of Canada Health Infoway, the federally funded nonprofit corporation spearheading e-health in Canada, views e-health as a "global initiative" that requires nations to share knowledge to help solve common problems. "We all need to learn from each other," Alvarez said.

Health IT leaders and vendors take this global view beyond talk. They make the effort to travel globally to exchange ideas. For example, Richard Granger, director general of the Connecting for Health project, has spoken at e-health conferences in the United States, Canada and Australia. Experts' conversations range widely, but inevitably certain themes surface repeatedly, including legislation, funding and public support. But the most common topic is privacy.

The primacy of privacy

Global leaders agree that if e-health systems are to succeed in their respective countries, patients must be assured that the privacy and security of planned EHR systems are the key elements of their design and use. "We have to get privacy right or it's not going to happen," Reinecke said.

The Australian press criticized EHRs because of questions about the privacy and security of pilot projects in Tasmania and New South Wales, which began in July.

New Zealand's Chin said the privacy and security of EHRs are major issues in her country, too. She added that health officials have a strong duty to ensure that information about a condition such as mental illness remains confidential and protected.

Mike Leavitt, HHS secretary, has made privacy and security of EHRs the primary goal of plans to develop a nationwide system in the next decade.

Brailer said privacy is the first principle governing development of a National Health Information Network (NHIN).

Privacy activists in the United States agree that Brailer and HHS need to put privacy first.

In a letter to Brailer earlier this year, Linda Ackerman, staff counsel at Privacy Activism, and Beth Givens, director of the Privacy Rights Clearinghouse, wrote, "in order to be effective, a national network of health records would have to include all available data on individuals in a system: examinations by any health care provider, including mental health providers, surgeries and other procedures."

This "staggering amount of information," the letter states, "would be considered extremely private by most people." Ackerman and Givens go on to say that a key barrier to NHIN "is whether the privacy and security of so much information can be maintained."

But Brailer has a different perspective. He believes EHRs are far more secure and provide more privacy than paper records, which are often left stacked at nurses' stations in hospitals or in physician offices, where even janitors could flip through the records.

E-records, on the other hand, will have built-in access controls and audit trails, he said.

Consumers have far less faith in the privacy or security of EHRs, according to a poll conducted in the United States earlier this year by the Center for Social and Legal Research and Harris Interactive.

Alan Westin, director of the center's Program on Information Technology, Health Records and Privacy, told a meeting of the National Committee on Vital and Health Statistics that the poll showed that 70 percent of Americans are concerned that sensitive medical information might be leaked because of weak data security. Sixty-nine percent worry that medical information could be shared without their knowledge, and 65 percent believe EHRs could increase rather than decrease medical errors.

The survey also indicated a close to even split in public opinion on whether the benefits of EHRs outweigh the privacy risks. Westin said 49 percent of respondents believe the benefits outweigh the risks, while 47 percent said the risks outweigh the benefits. The remaining 4 percent were undecided.

A tough sell

It's a slightly different story in Britain, which is further along with EHRs, but the same concerns surface.

Three out of four people surveyed by research firm YouGov for the British Medical Association (BMA) said they would not mind a central computer system holding their health information. But 75 percent of respondents also said they have concerns about information security, and 81 percent worry that people other than health care professionals could access their information.

"Patients recognize the value of having their health record held centrally but are concerned about who will have access to it and for what purposes," said Barbara Wood, co-chairwoman of the BMA's Patient Liaison Group.

The United Kingdom's NHS is in the second year of a 10-year, $20 billion EHR project. Connecting for Health will provide 50 million NHS patients in England with EHRs that are accessible by about 30,000 doctors.

Westin said the results of his survey indicate that HHS faces a tough job selling EHRs to the American public.

"If a national [EHR] program is to get anywhere with the American public — and ... with Congress and the state legislatures asked to appropriate big bucks for [EHR] projects — the half of the American public that say privacy risks outweigh the benefits will have to be persuaded," Westin said.

Both Brailer and Reinecke used the same phrase to describe what they need to do to convince a citizens reluctant to embrace EHRs: They said their agencies need to engage in a "social dialogue" to win over public opinion.

Think local

Australia, Canada and the United States must deal with privacy laws not only on a national level, but also on a state, territorial or provincial basis.

The thicket of laws and regulations is further compounded by privacy policies within institutions, such as insurers, hospitals and medical practices. The United States has taken the most organized approach to trying to determine how to develop an interoperable EHR within this legal and regulatory jungle.

By the end of this month, HHS plans to award a contact valued at $11.5 million for privacy and security solutions for an interoperable health information exchange.

The winning contractor will work with at least 40 state or territorial governments to examine the impact of their business policies and state laws on security and privacy practices and assess the degree to which they pose challenges to a national health network, according to HHS' request for proposals.

In a conference call with potential bidders, Brailer emphasized that the contract will serve at the intersection between privacy and technology. The privacy contract dovetails with contracts HHS plans to award in September for developing six prototype NHIN architectures, Brailer said.

One of the key goals of the privacy contract is to determine "how we can make data available in a way that still preserves flexibility and protects data privacy," he said.

The involvement of individual states is critical in the privacy contract, Brailer said, because "we don't want to see the dialogue begin by saying, 'What should Washington do about the problem?' We want to be able to see what could be done and that's able to be done by the states."

The economics of interoperability

Assuming the United States and other countries are able to allay public concerns about the privacy of EHRs, they still face numerous political challenges to their adoption, not the least of which is the development of EHR standards.

Interoperability and standards are global issues, Brailer and Reinecke have said, with both the United States and Australia benefiting from progress made by the United Kingdom in developing Connecting for Health's technical architecture.

Both countries plan to use the market power of government health organizations to push standards development, which Brailer said suffers from too many ambiguous standards (see "Mixing, matching and missing," Page s34).

Canada is beginning to take a hard line on interoperability. Alvarez said that Canada Health Infoway will no longer accept vendors' assertions that they have interoperable e-health software. Before Infoway awards a contract, Alvarez will require companies to demonstrate their products' interoperability and standards compliance at a lab Infoway is setting up in partnership with the Centre for Global eHealth Innovation, which is backed by the University Health Network in Toronto.

Brailer said that until recently health IT vendors developed proprietary systems based on a business model that worked for them. But he suggested that those vendors might want to emulate the approach taken by the wireless local-area network vendors and its standards-setting body, the Wi-Fi Alliance. Brailer said standards turned wireless from a niche technology into a mass-market phenomenon, to the benefit of every vendor in the industry.

Brailer said he believes that standards and the development of certified EHR systems could help spur widespread EHR adoption in the United States, where only 20 percent to 25 percent of the country's 650,000 doctors use EHRs due to high costs, which run into the thousands of dollars.

New Zealand has a population of about 4 million people, yet 80 percent of the country's estimated 9,000 doctors use EHR systems, said Ian McCrae, president of Orion Systems International. The company's products are widely used in that country, in Australia and in Alberta, Canada, where Orion has a contract to provide a province-wide EHR system.

New Zealand has such a wide adoption rate because a competitive market has driven down monthly licensing costs to about $100 per general practitioner for EHR software offered by the roughly half-dozen companies active in the New Zealand market, McCrae said.

HealthLink, a company in which Orion owns a majority interest, has established a nationwide network to pass clinical information to and from physician and hospital EHR systems on an equally affordable basis, said Tom Bowden, HealthLink's CEO.

HealthLink, which uses the Health Level 7 standard to ensure interoperability, charges about $50 a month for its basic service, which includes 128K encryption and digital certificates, with an additional $13 for the same service operating over a virtual private network, Bowden said.

HealthLink has signed up about 4,000 physicians for its service in New Zealand and about 3,000 in Australia, Bowden said. Both Orion and HealthLink planned to bid on the U.S. NHIN contracts, but McCrae and Bowden declined to say if their companies would act as prime contractors.

In an effort to stimulate EHR adoption by physicians, the Centers for Medicare and Medicaid Services started providing open-source software for a nominal fee in August. It is based on the Department of Veterans Affairs' Veterans Health Information Systems and Technology Architecture (VistA) software.

Capt. Cynthia Wark, acting deputy director of the information systems group at CMS' Office of Clinical Standards and Quality, said CMS wants to use the new VistA-Office software, developed in conjunction with the VA, to remove cost as a barrier to EHR use. Wark estimated that VistA-Office could save doctors as much as $20,000, the cost of commercial software for a small clinical practice.

Reinecke said he expects open-source software to play a role in the country's nationwide EHR system and cited openEHR software backed by the Australian company Ocean Informatics, as one likely open-source candidate for Australia.

Canada, on the other hand, has all but ruled out the use of open-source software.

Speaking at a conference in May, Alvarez said open-source software was not mature enough for systems he described as "the lifeblood of our way of doing business."

Likewise, Granger shut the door on the use of open-source software in the Connecting for Health project. Speaking at a conference in Toronto earlier this year, he called open-source software "a good competitive instrument" that helped him drive a better bargain with Microsoft, whose software powers NHS' desktop PCs.

A global imperative

Still, the economics of health IT remains daunting, officials say.

Granger said large-scale e-health projects worldwide face a shortage of health IT professionals. He said can't find enough skilled personnel who understand the complexity of clinical software systems and the process change they require.

Alavarez said the biggest challenge he faces is competing for funding in a dollar-starved health care market, which requires convincing stakeholders that it is more worthwhile to put money into an EHR system they cannot see or touch rather than patient beds.

"We have to convince all the stakeholders and decision-makers that e-health is not something that would be nice to do, but something that is absolutely essential to do."

Funding at the federal level in the United States lags behind both Canada and Britain, which have much smaller population bases. While Alavarez has a war chest of about $1 billion to develop a pan-Canadian EHR system through investment partnerships with the country's provinces, Granger manages a $20 billion project. HHS had to fight to keep its fiscal 2006 health IT funding level at the $125 million requested by President Bush.

But despite funding, privacy and standards issues that still must be resolved, health IT has a national and global imperative, Brailer said.

He views health IT as a technology that will go a long way toward empowering patients, freeing doctors from the tragedies of adverse drug interactions and serving as the basis for biosurveillance systems that can track and monitor diseases and pandemics. Those benefits make the effort worthwhile.

Privacy and the generation gap

Younger people have deeper concerns about the privacy of their health records than older people, according to a consumer survey conducted by the HealthConnect health information network run by Australia's Department of Health and Ageing.

People in the 25- to 40-year-old age group were most interested in the privacy protections offered by electronic health records even though they do not have complex or chronic health problems, while older people had fewer concerns, the HealthConnect survey states.

Robert Whitehead, manager for privacy and policy for the HealthConnect trial in Australia's Northern Territory, said this age difference played out even among the Aborigine population, with older people having a clearer understanding of the better care that can be provided with a health system based on electronic rather than paper records.

Anna Johnston, chairwoman of the Australian Privacy Foundation, said younger workers are particularly concerned that electronic information about a genetic condition or mental illness could be leaked to their employers and used against them.

— Bob Brewin

State groups to bid on privacy pact

The Department of Health and Human Services plans to award a consulting contract at the end of this month to help it develop privacy and security solutions for a nationwide interoperable health information exchange. HHS will also examine privacy laws and policies in at least 40 states and territories.

This requirement has attracted bidders not usually associated with federal contracting efforts, such as the National Association of State Chief Information Officers.

Doug Robinson, NASCIO's executive director, said during HHS' pre-proposal conference call that the association plans to bid as a prime contractor representing all the states. The National Governors Association, the National Conference of Commissioners on Uniform State Laws, and the states of Michigan and Minnesota have also registered as potential bidders for the privacy contract.

Dr. David Brailer, national coordinator for health information technology at HHS, said during the conference call that he encourages and welcomes those organizations' interest in the privacy contract.

HHS needs the states' substantial and substantive involvement, he said, adding that their involvement can be achieved "either by the state or through designated organizations involved in health information in the states."

— Bob Brewin

Privacy activists want watchdog board

Does the United States need an electronic health privacy board?

Yes, says Alan Westin, director of the Program on Information Technology, Health Records and Privacy at the Center for Social and Legal Research. He has called for the establishment of an independent electronic health record (EHR) privacy board.

Westin said the board should be responsible for working on standards and investigating privacy problems associated with EHRs.

Two nonprofit privacy organizations agree with the need for oversight of EHRs.

PrivacyActivism and the Privacy Rights Clearinghouse told Dr. David Brailer, national coordinator for health information technology at the Department of Health and Human Services, in a letter earlier this year that it is crucial to establish oversight of EHR privacy issues.

The two groups said the oversight body should have a broad membership, including consumers, the government, representatives of the health care industry, vendors and patient advocates. The oversight body would review privacy compliance issues, investigate patient complaints and conduct training.

— Bob Brewin

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above