Hi Chris, One always has to check the 'terms and conditions' of the agreement between the Patient and the Provider. Generalizing may lead one down the wrong path.
Comments in text. -Thomas Clark ----- Original Message ----- From: "Christopher Feahr" <[email protected]> To: "Thomas Clark" <tclark at hcsystems.com>; "norbert Lipszyc" <irl at club-internet.fr>; <openehr-technical at openehr.org> Sent: Wednesday, August 06, 2003 11:51 AM Subject: Re: Distributed Records - An approach > the "control" issue is an interesting one. In the US, it is generally > acknowledged that the patient "owns" the information in the record, but > not the record, per se. NOTE: check 'terms and conditions'. If unsure, consult a qualified attorney. ... There would be no legal basis that I can think > of, for the patient to assert control over where the records are > physically stored. If the records are stored by the Patient then it may be the case that the Patient owns both the information and the physical record. Consult a qualified attorney. ... The law guarantees the patient reasonable access to > a true copy of the info. NOTE: Although supposedly a fundamental perceived right in HIPAA I reserve comment until it has been adequately demonstrated and precedent established in the courts. Unless statements in a legislature act are specifically identified as rights and recovery for violation of those rights are clear and unambiguous you might have a struggle establishing the statement as a right (interpretation of a legislative act, or what was the intent of the legislature). Consult a qualified attorney. ... and control over who else may see it (while it > is *identified* as information about the patient... no control over > "de-identified" data). COMMENT: Control over access to information/records, in my opinion, is actual control only where it is ABSOLUTE CONTROL AND violations are specifically proscribed under the law. My interpretation of HIPAA is that control by the Patient is NOT ABSOLUTE. Consult a qualified attorney. ... With respect to access and general security, > HIPAA is now the common floor in the US, with the occasionally stricter > state and local regulations "trumping" the HIPAA Privacy and Security > Rules. > COMMENT: This gets into 'supremacy' of the laws, i.e., federal versus state law. Checkout the insurance industry in the US and what impacts state Insurance Commissioners have. HIPAA affects healthcare insurance providers in a big way and they have successfully lobbied for specific provisions. How come the 50 states have previously been unable to successfully pass legislation at least as significant as HIPAA? Consult a qualified attorney. > BTW, a group of doctors here have introduced an even more problematic > concept, they refer to as "stewardship". They are particularly > concerned about data stores that will accumulate with e-Prescribing, and > they do not want the information about what drugs are being prescribed > going into marketing-oriented databases. This is a problem that DOES NOT EXIST in the UK (single-payer system with rigid privacy/security laws). Insurance companies have been compiling data on Patients and Drugs for some time even though they have agreed with Congress not to do this. It is a real problem. An adequate discussion on this can be carried on only with a qualified attorney present. ... The HIPAA Privacy Rule would > certainly preclude that with patient- or provider-*identified* > information. COMMENT: I suspect that this one should be handled by a qualified attorney. ... But HIPAA allows de-identified health information to be > passed around freely. COMMENT: Personally I view this as a security violation since little definition is provided as to how Patient records become 'de-identified'. Providers at all levels should be bound by the privacy/security presumed and expected by the Patient. 'de-identifying' records for whatever purpose is really tricky, e.g., if the clinic has had only one Patient in the last ten years with a rare disease and you are the Patient, one might consult a qualified attorney. Be sure to consult a qualified Plaintiffs attorney on this one. These docs seem to even want to retain a legal > "stewardship" role with de-identified information... not likely to > happen. Immediately coming to mind is 'intent of the law' and judicial interpretation of the law. My guess is that "stewardship" does not rise to a position superior to federal law. Be sure to consult a qualified Plaintiffs attorney on this one. COMMENT: The majority of your post includes issues properly addressed by qualified attorneys, defendant and plaintiff; some issues better answered by one or the other but each better equiped to answer than I am.The common-law jurisdictions in the US and the federal code and judicial system need to be considered when making plans that involve or make contact with HIPAA. > > Christopher J. Feahr, O.D. > Optiserv Consulting (Vision Industry) > Office: (707) 579-4984 > Cell: (707) 529-2268 > http //Optiserv.com > http //VisionDataStandard.org > ----- Original Message ----- > From: "Thomas Clark" <tclark at hcsystems.com> > To: "norbert Lipszyc" <irl at club-internet.fr>; "Christopher Feahr" > <chris at optiserv.com>; <openehr-technical at openehr.org> > Sent: Wednesday, August 06, 2003 10:54 AM > Subject: Re: Distributed Records - An approach > > > > Hi Norbert, > > > > Agree regarding the Patient's choice. It is a basic presumption on my > > part and I too often forget to state it. > > > > Regional databases that maintain Patient records should be responsible > to > > the Patient who in turn dictates the 'terms and conditions, the major > > loophole being prevailing law. However, the Patient should be able to > > choose where to store the records (especially where paying to do so). > > > > Given a choice between the US and France I would choose to store them > > in France because of the higher levels of security. > > > > Before deployment, and as soon as possible, these types of > requirements > > must be integrated in the design and affecting all levels. I just > forget to > > mention them. > > > > -Thomas Clark > > > > ----- Original Message ----- > > From: "norbert Lipszyc" <irl at club-internet.fr> > > To: "Christopher Feahr" <chris at optiserv.com>; <lakewood at copper.net>; > > <openehr-technical at openehr.org> > > Sent: Wednesday, August 06, 2003 1:23 AM > > Subject: Re: Distributed Records - An approach > > > > > > > The remarks of Christopher Feahr are very adequate, but they > overlook the > > > fact that in many areas, patients will have the decision as to where > they > > > want their records to be kept (trusted third parties for example, as > in > > the > > > case of electronic signatures). therefore his conclusions are even > more > > > appropriate as they allow this freedom which is essential in many > > countries, > > > France in particular. > > > Norbert Lipszyc > > > ----- Message d'origine ----- > > > De : Christopher Feahr <chris at optiserv.com> > > > ? : <lakewood at copper.net>; <openehr-technical at openehr.org> > > > Envoy? : mardi 5 ao?t 2003 17:28 > > > Objet : Re: Distributed Records - An approach > > > > > > > > > > Thomas, > > > > This sounds workable to me. If I am understanding you correctly, > we > > > > need one (and only one??) registry in which anyone, anywhere (who > is > > > > authorized, of course) could look up a patient and determine which > > > > "region" had master control at the moment over his record. If I'm > a > > > > provider living in the region where the records are primarily > managed, > > > > then when my system attempted to look up, say, the date of his > last > > > > Tetanus vaccination, it would find it immediately. If I was a > provider > > > > visited while the patient was traveling outside his "home" region, > then > > > > the same local query about his tetanus shot would tell me: "hold > on a > > > > minute, while we search all known registries to see where this > guy's > > > > home-region is... where his most current records will be located". > ... > > > > and then my region does a full record update from the current home > > > > region? or just try to display his tetanus vaccination history? > > > > > > > > One of the problems alluded to is that different regions might be > using > > > > very different EHR structures. Thus a simple "record refresh" in > region > > > > B from the information stored in Region A is not so simple. It > would > > > > involve mappings at least, and possibly even data transformation. > The > > > > inability to assume an overarching authority seems to be the > Achilles > > > > heel. After a dozen record "movements" from one region to the > next, > > > > many little mapping and transformation errors may have accumulated > to > > > > thoroughly hose up the medical information in the patient's > "master" > > > > record. > > > > > > > > One way around the central record managing authority would be to > have > > > > VERY FEW regions... each with a well organized regional > authority... who > > > > come together under a global organization and work out a very > tight > > > > choreography for these refresh/hand-off operations. But this > sounds > > > > harder and no more likely to be created as one single authority > such as > > > > the UN imposing the requirements on all regions. > > > > > > > > I believe that the most critical point for global standardization > and > > > > what we must aim for (first) is the information in the record. > When the > > > > world has settled into that (something that will ALSO require a > central > > > > authority, but just for standardizing what the information > elements > > > > mean, not for choreographing complex record-merge operations), > people > > > > will gradually come around to the idea of moving to the next level > of > > > > system interoperability, with standard record structures. > > > > > > > > With only the information standardized globally, two large and > > > > cooperative regions (say, US and Australia) could still choose to > create > > > > a US-Aus. information authority and orchestrate a high level of > > > > interoperability for patients and providers floating anywhere > within our > > > > two countries. If the "functional regions" initially were more > along > > > > the sizes of counties and states, then we'd have a lot more hassle > and > > > > negotiating. So I would suggest the world start with the largest > sized > > > > regions that could be reasonably managed with the same EHR > structure. > > > > > > > > The critical issue for all regional participants would be a > strong, > > > > competent regional authority... that operated in conformance to a > set of > > > > well defined "regional authority rules"... maintained by the UN?? > > > > > > > > Christopher J. Feahr, O.D. > > > > Optiserv Consulting (Vision Industry) > > > > Office: (707) 579-4984 > > > > Cell: (707) 529-2268 > > > > http //Optiserv.com > > > > http //VisionDataStandard.org > > > > ----- Original Message ----- > > > > From: <lakewood at copper.net> > > > > To: <openehr-technical at openehr.org> > > > > Sent: Tuesday, August 05, 2003 12:11 AM > > > > Subject: Distributed Records - An approach > > > > > > > > > > > > > Hi All, > > > > > > > > > > With a background in fault tolerant computing I have a built-in > > > > penchant for > > > > > distributed files that are exact/backup copies of a master. > Works > > > > wonders > > > > > for > > > > > financial transactions. > > > > > > > > > > I don't believe that this model fits EHRs especially since one > can > > > > conceive > > > > > of > > > > > parallel, e.g., close proximity in time, operations directed at > > > > > modifications > > > > > originating at geographically distant locations.These > operations, even > > > > they > > > > > occur > > > > > across town (Clinic and distant Lab) create problems for record > > > > management. > > > > > > > > > > Tying record management to physical location is not a solution. > Remote > > > > > medicine complicates this immediately. However, a constant > occurs > > > > > immediately, > > > > > presuming that we do not have to deal with human clones (put a > > > > <dash-number> > > > > > in the ID). The Patient ID is it. Traditional approaches would > require > > > > that > > > > > in all > > > > > the world there is only one unique person being considered. > > > > (hopefully). > > > > > > > > > > Hence each region could contain entries on residents, > transients, > > > > visitors. > > > > > tourists, etc. that somehow make contact with healthcare > > > > > facilities/Practitioners > > > > > in the region. > > > > > > > > > > Registering the IDs and updating the regional databases requires > that > > > > only > > > > > those > > > > > regional Patients be administered. > > > > > > > > > > National and international databases can be established that > will > > > > receive > > > > > and store > > > > > regional registrations of Patient IDs, allowing one to scan > these > > > > databases > > > > > to > > > > > determine who holds regional records on individual Patients. One > can > > > > then > > > > > retrieve all the records or part of them. This substantially > reduces > > > > the > > > > > need for > > > > > storage and bandwidth to manage records on a global scale. > > > > > > > > > > I presume that there is no need to have matching records for > > > > individual > > > > > Patients > > > > > in all regions this Patient has been in an made contact with the > > > > healthcare > > > > > industry. If I take a cruise on the Rhine and require medical > > > > attention it > > > > > makes no > > > > > sense to burden whatever region manages that healthcare system > with > > > > anything > > > > > more than they had a tourist with a weak stomach. > > > > > > > > > > It would be nice to have a distributed registry that would show > where > > > > I had > > > > > to > > > > > stop off and get some help. At least the Public Health personnel > would > > > > > appreciate > > > > > it. > > > > > > > > > > The important thing to me is to be able to access all the known > > > > records and > > > > > bundle them in a way that is appropriate for the healthcare > personnel > > > > > handling > > > > > my latest complaints. > > > > > > > > > > BTW: The Fault Tolerant/Highly Available Systems can make sure > that > > > > the > > > > > information requested is available but the applications have to > > > > structure > > > > > it. > > > > > > > > > > -Thomas Clark > > > > > > > > > > > > > > > - > > > > > If you have any questions about using this list, > > > > > please send a message to d.lloyd at openehr.org > > > > > > > > - > > > > If you have any questions about using this list, > > > > please send a message to d.lloyd at openehr.org > > > > > > > > > > - > > > If you have any questions about using this list, > > > please send a message to d.lloyd at openehr.org > > > - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
