The Emergence of a Health Information System: A White Elephant?

Health care is an important issue in the United States, as 47 million Americans are without health insurance coverage, and spending is projected to rise to $4 trillion or 20% of GDP by 2016. In a report prepared for the Commonwealth Fund Commission on High Performance Health System, the authors recommended four key areas of policy adoption that will simultaneously improve health care access, quality, and overall health of the population. The top priority is to produce and use better information for health care decision-making. This means having a national health information storage system or network of systems that can be updated regularly, efficiently, and be accessible at the point of care. Such a system holds the promises of delivering better care, lowering costs, and reducing medical errors. It also tends to benefit stakeholders, such as providers, payers, and the hospital systems.

On February 28, Google unveiled its plan to launch a personal medical record service, at a health care conference in Florida. Under this plan, a password-protected Web service (as shown to the left) stores health records on Google computers, with a medical service directory that lets users input doctor’s records, drug history, and test results. Currently, Google is reported to be in the process of signing deals with hospitals and companies including medical tester Quest Diagnostics Inc, Health Insurer Aetna Inc, Walgreens and Wal-Mart Inc pharmacies. Google’s announcement is a significant addition to the prevailing health care reform momentum. Google’s biggest rival, Microsoft, has a similar service (as pictured below) offered under its Health Vault services. Other start-ups in the field include Revolution Health, a company backed by former AOL Chairman Steve Case. The U.S. government has ambitious plans to put in place a national network to share health data with all relevant parties by 2014. With the involvement of market participants like Google and Microsoft, the nation may reach the finishing line sooner than the United Kingdom.

In 2002, the United Kingdom embarked on a similar program to computerize patient’s health records and to make them available at the point of care by doctors. The program was reported in the U.K. Parliament to be the largest IT work in the U.K., involving a budget of £2.3b (about US $4.66 billion) over a three year period. The budget was later increased to £12.4bn extended over 10 years. Edward Leigh, the chairman of the Commons Public Accounts Committee issued a report in April 2007 saying, “This is the biggest IT project in the world and it is turning into the biggest disaster.” Unlike in the U.K., the U.S commercial enterprises have taken charge of the enormous project. According to Deloitte Touche Tohmatsu, there are currently more than 160 Health Information Exchanges (HIEs) in the U.S. that are either up and running or under development. Supporting the development is a large pool of technology-savvy individuals working in businesses like IBM, Oracle, Siemens, AG, and other small business concerns. They provide technical solutions such as the digitalization of records, adapting facsimile technology to feed information electronically, reducing individual identity to no more than a bar-code, and other functions that deliver the promises of patient-controlled and privacy protection that the system makes. Perhaps due to the lack of awareness of these technological advancement or possibility, patient privacy issue continues to show up in public discussion.

The World Privacy Forum raised the issue in February 2008 in its article entitled, “Why many PHRs Threaten Privacy.” The World Privacy Forum is a non-profit public interest research and consumer education group which was founded in 2003. I find the discussion rather restrained and limited to the technical loopholes which exist in the current version of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a federal rule that establishes a baseline for health privacy in the United States, and was enacted in 1995 long before many smaller Personal Health Record (PHR) players came into business. HIPAA must be amended to close such technical loopholes in order to add credibility or integrity to such a health information system. In reality, such a system adds no additional risk to patient privacy than what already exists. Robert Gellman, the author of the above-mentioned article said, “The PHR record is a copy but not the only copy.” The health information about consumers held by their physicians, health plans, dentists, laboratories, pharmacies remains exactly where it was before it entered the PHR.

Looking at the Microsoft Health Vault website, one gets a sense that it is sensitive to patients’ privacy rights. The website highlights its privacy commitment policy on the top right (see image above). In the same manner, and in announcing the launch of Google’s Health service, its CEO Eric Schmidt seemed to understand the patients’ desire to have full control; the individuals’ right to privacy; and the security issue that goes with it. He began his key note speech on the subject of privacy and security before he talked about the platform, portability, and other features in the system. It is reasonable to assume that both Google and Microsoft have the financial resources to educate and convert new users. After looking into the world of E-bay, E-trade, Amazon.com, and internet banking, where consumers willingly provide their personal information and transact electronically at the point of consumption or need, I can confidently expect the emerging health information system to be eventually widely accepted. According to the New York Times, 20% of the U.S. patient population has their records computerized rather than on paper. This pool of patients provides a good foundation upon which to build a national health information system.