Not surprisingly, during the recent National Discussion on Health Information Technology and Privacy held on the web, the issue of privacy was at the forefront. The issue of mental health information privacy was of the utmost concern. I discuss the privacy debate in this post, and offer an innovative solution.
Who Should Own One's Personal Health Information?
A knowledgeable participant at the online conference, Laura Groshong, LICSW, Director, Government Relations, Clinical Social Work Association, offered these wise words:
I agree with her comment. It would be foolish for a consumer to dictate whether or not their primary care doctor or medical specialist should be allowed to view their lab results, imaging studies, etc. since it may be a life threatening decision for which consumers are ill-prepared to make. However, they should have control over whether their employers (or others) get to see this type of health information.
I also agree that mental health information is a special case.
For one thing, most mental health information is not life threatening, except, perhaps, suicidal and homicidal ideation/tendencies. When providers have knowledge that such dangerous behavior is likely, they are required to report to authorities (along with and sex and physical abuse). Consumer/patient consent is not needed.
In any case, I believe consumers should have full ownership/control over whom, if anyone, gets to see any other consumer-generated mental health information. This include information about their cognitions (thoughts, beliefs, perceptions), emotions, behavioral tendencies, psychosocial history, interpersonal relationships, etc. it.
And if someone doesn't have the capacity to make determinations about sharing the health information, a health proxy (or other "trusted partner") could assist them.
Please realize that I'm not talking about giving mental health consumers access to and control over their providers' session notes, or even giving specific individuals their mental health diagnoses or professional observations prematurely if it is clear such knowledge would cause irreparable harm to the treatment/recovery process. What I am referring to is the information contained in one's personal health record or personal health profile.
So, to me, it's not about having consumers track and control all their health information by disallowing their healthcare providers from accessing essential information needed to make life-saving and wellness decisions. Instead, it's about having control over who gets to see one's mental health information, and who, other than the physician(s) involved in one's care, is authorized to view one's biomedical and genetic information.
Next, I'm going to share some thoughts about the kinds of information that should and shouldn't to be under a consumer's direct control, and what to do about it.
Types of Personal Health Information
As I mentioned above, there are some types of personal health information (PHI) that should not be under the direct control of the consumer, at least not without a warning. And even if consumers have some control over that information, it makes little sense to force them to approve each and every piece of data that is shared with their healthcare providers. Other types of PHI, however, should be under a consumer's complete control…every piece, piece by piece.
Determining PHI control in a logical manner requires dividing the information into different categories by classifying them according to some taxonomy. These PHI categories are comprised of "data sets," i.e., groups of related data. Rules can then be applied to these data sets, which dictate the way each particular piece of data in that category is controlled.
I will now offer a possible classification scheme, which categorizes PHI into seven data sets. I will also suggest who should, and should not, have access to that information.
1. Personal Identifiers
Personal identifiers include a person's name, address, and other information that can be used to identify the person to whom the PHI refers. It is important for professionals providing healthcare to a patient, as well as those paying for a patient's care. It should not be made available to others, however, unless the consumer consents or HIPAA rules demand it. For research purposes, a people's PHI should be de-identified to protect their privacy by removing this data set.
2. Personal Demographics
A person's demographics refer to information that places the individual in a specific group based on such data as:
Some of these data may be useful in making medical treatment decisions, including one's age, gender, and possibly race. And others may be useful in mental health care. Nevertheless, demographic data are essential for most clinical research.
3. Emergency Medical and End-of-Life Care Information
Emergency medical and end-of-life care information includes such data as:
Any authorized provider delivering care to a person in an emergency ought to have access to this information, even if the person is unable to consent at the time. That means a "limited data set," which I discuss later, would be released to particular types of professionals in an emergency, without requiring a consumer's consent each time. See this HIPAA flowchart for more.
4. Biomedical Health PHI and Genetic Information
Biomedical health and genetic PHI includes health history, current health status, health risk information, as well as genetic information. This data set contains biomedical and psychological data about a person's:
Much of this information would useful for most physicians treating a patient, as well as one's wellness coaches/counselors and others involved with a consumer's physical wellbeing. A global, one-time consent authorizing such information to be shared among one's physicians is justified, as well as allowing a person to authorize other types of practitioners to access specific data in this category.
Note that people with health problems or risks are unlikely to want their employers or health plans (insurers) to have access to this PHI as it may be used to make employment and insurance decisions that are not in their best interests. This issue is complex and includes debates over whether genetic data should be considered private or proprietary, as well as causing various ethical dilemmas.
Another issue is whether any of this PHI should be sent to public health agencies if there is reason to believe that a person has a seriously contagious illness, or if there are multiple people in a region with a health problem that may be indicative of an outbreak (pandemic, epidemic, or terrorist attack). This issue is addressed by the HIPAA Privacy Rule and Public Health.
5. Mental Health PHI
Mental health PHI includes all psychological, psychiatric, and psychosocial information. This broad data set encompasses information about one's perceptual, emotional, cognitive, behavioral, and social life. It includes a huge diversity of information, such as:
Is it worth computerizing such mental health information? I say YES it is because failure to digitize and share such PHI:
At the same time, failure to protect a person's psychological information is destructive and simply unacceptable, whether it is in electronic or paper form.
So, who (in addition to the consumer) should be authorized to access a consumer's mental health PHI? Well, it depends on what the particular information is in this data set.
It is no surprise that mental health practitioners would benefit from having access to the vast majority of this information since it is helpful with treatment planning and delivery. They would also benefit from combining this information with the certain biomedical and genetic information (e.g., to determine if medication side-effects or medical illnesses are presenting as or exacerbating one's physiological symptoms, to understand if psychological stress or emotional distress are adversely affecting one's physiology, etc.).
Integrating some of this mental health information with their patients' biomedical information would also benefit non-psychiatric physicians by helping them understand their patients' health status and needs in an integrated whole-person manner that encompasses both the mind and body. The value of this comprehensive information would, for example, help physicians:
Now to the question: Who should control a consumer's mental health information? I assert it should be the consumer him/herself, and the information should be controlled at a granular level of detail. That is, they should be to determine how is authorized to view each piece of data, and it should be blocked from everyone else.
6. PHI regarding Physical Activity, Exercise, Nutrition, Energy Levels
PHI regarding one's level of physical activity, degree of exercise, nutrition, and energy drains and boosters would be useful to all healthcare providers, and at would be key information for wellness coaches/counselors.
7. PHI for Research Purposes
All the PHI data sets above would be useful for different types of clinical research. Since personal identifiers are not necessary for this type of aggregate analysis, the data should be de-identified before being sent for research. If the person's identity is guaranteed protected, I don't see an urgent need for authorization, although it will likely be required. I'd even go so far as to recommend that consumers and their healthcare providers be paid by those using their PHI for research, even when the information is de-identified. I say this because such payments may promote greater use of electronic health record systems in general, as well as support research efforts.
How Consumers can Control their PHI
There are at least two mechanisms by which consumers can control their PHI when it has been digitized.
Limited Data Set Control
One method is to predefine "limited data sets" in which only a particular sub-sets of PHI in the categories discussed above shared with particular types of authorized persons. In some cases a consumer would have to consent only one time to authorize particular healthcare professionals to access and share their PHI. In other cases, no consumer consent may be required (e.g., for the protection of public health). And in still others, consent may be required every time.
These data sets may include information from one or multiple PHI categories. Note that there may be times to allow a consumer to override a limited data set in order to restrict access to particular pieces of data.
To make all this happen, a health information technology tool must automatically manage a variety of rules that define the data sets, authorize the appropriate recipients, and give a consumer the ability to override the rules when appropriate.
Granular Authorization Control
Granular authorization control means giving a consumer the ability to authorize access to certain types of healthcare professionals, and prevent access from others, for each and every piece of data in the various PHI categories. This may include overriding certain limited data sets, as well as having complete control of all other data sets.
For convenience sake, the consumer should be able to authorization each piece one time, and then be able to update the authorizations whenever desired. In addition, if a consumer fails to authorize certain providers of specific information they need to do their jobs effectively, or if s/he removes the prior authorization of those professionals, a warning should appear informing the consumer that their action is unwise. Likewise, if the consumer (mistakenly) authorizes certain provides to access certain sensitive data they do not need, another alert should appear letting him/her know what is being done.
Combined Control in Personal Health Records/Profiles
When it comes to personal health records (PHRs), there ought to be combined controls. That is, a consumer ought to be able to implement a one-time authorization of limited data sets for certain PHI categories, as well as authorizing the rest of their PHI via granular control, and be guided by the warnings and alerts as describe above. This means the consumer needs a clear-cut way to recognize the authorization status of each piece of data in every PHI category, and to be instructed along the way.
There is no PHR in existence that has these capabilities. However, our Personal Health Profiler™ already does it! I will discuss this in my next blog.