Please ask yourself what is the holy grail of healthcare information systems? Your answer might not be same as everybody else’s but you can be sure that quite many people will name “interoperability”.
Interoperability has been one if the most demanding, challenging demands of healthcare, and to be honest despite all the work, the problem still remains. However, at least we have standards like HL7 which has been alive for the last 20 years, we have initiatives like OpenEHR, EN 13606 etc. You can spend a lifetime on these subjects, and I actually know people who have done so, but for the moment let’s try to dream of that sweet future where we have no interoperability problems.
In this feature, since you can easily plug in to any data source “technically”, you can now move healthcare data around, save lives and be happy and rich (this part of the dream is for heatlhcare IT people) Right?
Wrong! By that time (I’m afraid to give a year) you’ll still have the issue of privacy, and legal constraints related to it. So even if you were able to seamlessly connect data sources, you’d still have a hard time moving people’s data around, since you need to deal with legal issues.
People have the right to demand that their sensitive information is handled and used in a proper manner. The proper manner is a vogue definition, but it is for sure that anonymity for health related data is a strong demand. Considering the very large amount of data that we are collecting in healthcare, there appears to be a very promising opportunity: all this healthcare data can be reused. Research, analysis, quality assurance, performance benchmarks, you name it.
It is very hard to find actual health data, since you can’t just go to care provider and request their data for the last 10 years, whatever your intension is. Even if you do not care about the format of the data, you can’t, unless you get data that can not be used to identify people in the care process. If however, you can get data in a form that is still consistent (same patient’s data for say 2 years) but de-identified, you have a very interesting opportunity. Actually both parties have an interesting opportunity, you can reuse existing data for a completely different purpose, and the care provider, patient or community can benefit from the outcomes.
To accomplish this, we need de-identification. This is a well recognized requirement. Jamia has this document that provides a good starting point. NHS is also aware of this requirement, and Sapior provides a product that is also being used in the NSH. Sapior provides this link which says that according to EC, pseudonymised data is not subject to data protection act! This is very interesting news actually, since it might basically open the doors for a second hand healthcare data market in EU.
For USA, things seem to be a little bit shaky in legal domain. HIPAA de-identification rules provide guidance for de-identification but HIPAA does not seem to cover all institutions, so secondary health data related operations might be problematic in terms of legal constrains. The issue is well recognized, and seems to be goings somewhere both in UK and USA. I’d love to hear what’s going on in Australia by the way.
Finally, it seems to me that de-identification is a very good candidate for a service layer that sits on top of a EHR repository. Anyone hearing this from OpenEHR?
Check out web for open source de-identification, pseudonymization frameworks, and you’ll see that not much exists. IBM has a product for this purpose, but for healthcare, this still seems like an important requirement without serious effort for the solution. I’d love to be corrected about any of this, if there is something wrong with it.