Comments Submitted to NCVHS Ad Hoc Workgroup on Secondary Uses of Health Data, July 25, 2007
From Deborah Collyar, President, PAIR: Patient Advocates In Research

CONTEXT SETTING

  1. What policies, enablers, or restrictions might facilitate or impede achieving the benefit of using electronically transmissible personal health data
    1. for quality improvement ?
    2. for uses other than direct patient care?
  • DC response:
    • Misuse of personal information must have strict penalties associated with them.  We must prohibit the misuse of personal information by external parties regarding a person’s ability to secure a livelihood, health insurance, etc. while still allowing some third parties (i.e. researchers) to be able to use the information for purposes that will help society, and possibly that individual in the future.
    • Currently, HIPAA has created many barriers for scientists who have legitimate reasons to secure patient identified information.  HIPAA also contradicts some of the protections that were already in place through the Common Rule regulations that OHRP is responsible for.  Meanwhile, the financial industry is able to collect medical and other personal information on people without impunity – why is this possible?
    • The ability for doctors, pathologists, and researchers to share a patient’s personal information, biospecimens and the data related to them must be supported and enabled.  This applies to all forms of diagnostics, discovery, validation of markers, clinical trials, and the delivery of new tests and products that will help get better results to people more quickly.  Safeguards to secure personal information from misuse should also be applied, and standards for these safeguards should be established so that a minimum level of protection becomes a required element.
    • It is also imperative that either a certain portion of a biospecimen or the information  that is generated from it (once it is validated) is made available to the patient so that future tests and procedures that are developed from new research may contribute to possible future care options for that person.  Currently, this may not be possible, due to the requirement to anonymize information in order to use health data and biospecimens.
    • It is critical that extramural input, including those of us who advocate for patients within the research enterprise, is part of the decision-making process that will lead to any new policies for identified health data.
  1. Do you believe current laws provide sufficient privacy and security protection for identifiable health data to be used in quality measurement, reporting, and improvement? If so, which laws are you referencing? If not, what gaps exist?
    1. Do you believe current laws are sufficiently understood by covered entities, business associations, consumers, and others?
    2. If not, what would help assure understanding?
  • DC response:
    • Current laws such as HIPAA make it more difficult for patients to get their own records, and for researchers to be able to use vital data to conduct their studies that could lead to better care and treatment for people with diseases.  While the intent of HIPAA is admirable, the implementation is cumbersome at best.  It is not understood by anyone in the system.
    • Covered entities often go too far in their interpretation of HIPAA; business associations often go through the motions in order to get what they need; consumers/patients are in the habit of signing one more form at any medical facility in order to get treated.  In other words, the intent of protecting people through HIPAA is not being realized.
    • Today, many physicians are hindered in providing timely diagnoses, treatment, or other care because they cannot share personal patient information due to local policies that were established due to HIPAA.  I cannot imagine that was the intent.
    • It is critical that any impending laws or amendments to them create a process that follows the implementation consequences through case scenarios before it is enacted.  This process should include representatives of each group that will be impacted by these laws (i.e. healthcare providers, researchers, patient advocates, and patients).
    • Today, many researchers cannot share data or biospecimens or run clinical trials between medical/scientific institutions.  Their institutional policies, HIPAA, or other policies are making it virtually impossible.  The problem is that based on many biological discoveries, no one institution has enough patients with certain characteristics to be able to study or develop new deliverables.  They have to learn to share in an environment that has set up a myriad of barriers to do so.
    • At a minimum, clearer guidance must be established so that patient can access their own records and data easily.  Specific guidance should also be established for research purposes.  Any additional guidance created should also be disseminated to all health-related institutions and healthcare providers, as well as the public.  A plan and implementation process is critical, as are outcome measurements.