Travis Good writes on the perceived dilemma presented by the movement to give patients control (and therefore, ownership) of their own medical records.
I’ll start off by noting that the HIPAA rule clearly gives health data ownership to the patient at a reasonable cost. ”Great,” you say. ”I can request my record, and find out what is in it for a reasonable fee.” But wait – there are several things going on here.
Just as the HIPAA privacy rule provides the patient with the assumption of privacy, but “not really” (e.g. except when the provider feels the need to share that “private data” for a host of reasons, based on their sound judgment … not much of an expectation of privacy, eh?), the HIPAA rule provides the provider with mechanisms to prevent the release of patient data that is deemed to be, 1) personal notes and observations, 2) information disclosed as confidential, 3) information related to the treatment of a minor, 4) information that might lead to physical harm to the patient or others, 5) information obtained from other physicians still in practice and 6) substance abuse program or certain mental health records.
Armed with these caveats, the provider could, in theory, redact virtually anything from your medical record, and remain on solid legal footing.
Good explains, in general, the approach of physicians to EMR notes, “The reason for the hesitation on the part of physicians is that medical records, at least as they have existed until now, are seen as internal company documents. Companies that document interactions with customers and partners would never share those notes with those same customers and partners. It’s not an apples-to-apples comparison, but that’s how most physicians I talk to view their EHR notes.”
Several observations here:
1) The patient chart is unique in that this transaction is one in which the patient is paying for services, and the creation of the medical record is, in theory, part of the work product of that transaction, paid for by the customer. If the physicians want to keep business records on their customers, let them do it in a separate CRM system, don’t try to convey this line of thinking to the chart (this is absurd, I know, since no physician would do this, but it is disingenuous to convey this line of thinking to the patient chart in order to justify a questionable practice).
2) In the pre-EMR days, if a patient requested her records, and received a photocopy of 80 pages of data with black marker “redacting” certain portions of the record, the patient would be genuinely concerned (and justified in this concern). I have copies of my records from the late 1970′s and through the 1980′s, and the product delivered to me when I requested a copy of my chart was a continuous narrative that spans the period covered – no “redactions.”
Now that we have digitized patient data, there seems to be an assumption that, since it is now technologically possible (and legal) to hide portions of the patient record, it can, and should, be done.
Good goes on to correlate the open notes movement to the new technology that could facilitate patient driven note redaction, and quotes Dr. John Halamka who argues that a partially incomplete note is better than no note at all. Good then makes a leap, saying (in essence) that if there is a movement to allow the patient to redact data from the chart, then this tips the balance away from the provider, who should have (at least) the same ability – justifying the exceptions in the HIPAA rule.
This is a bit of a red herring, I think.
The bottom line is that it serves the patient well to know, and even to be able to dispute, anything that might be in the chart. What if a poor diagnostician notes that, “Mary complains about chronic knee pain, but I don’t think that this is valid pain. Patient is likely seeking muscle relaxers or pain meds,” … when he is actually not correct, and is simply unable to diagnose the symptoms properly? This patient could be haunted by this “drug seeker” reference forever, simply because the note has been hidden.
HIPAA doesn’t do a whole lot assure privacy (our private data isn’t private if providers find a multitude of reasons to share it without our consent), and it also doesn’t give the patient access to her medical record, regardless of appearances to the contrary. It creates the illusion that we have a right to our own patient data when we have, in fact, access to that which the provider deems appropriate to share.
The Blue Button Initiative hopes to make it easier for us to access our personal health information, but it has been tough to get providers and EMR vendors to sign on (and it still doesn’t give us the assurance that we know what is truly in the medical record). Vendors such as Epic Systems have provided portals like My Chart to allow patients to access their health data, but it is a limited subset of information (not the full, legal medical record), and it keeps the data in the Epic ecosystem, making it more difficult to carry to another provider or to have for our own use.
Perhaps providers would document differently if they knew their patients would be able to see all of the notes. I doubt that this will lead to a substantial change in the quality of care. In the end, we will not be able to get our own health data as long as there are broad standards for interpreting the HIPAA rule. I think that it’s time to revisit the current law in light of the provider’s increasing ability to segregate our health information, which is (in the end) ours, and not theirs.