Hack:
Power to the individual! Controlling who can see my health record!
A new model of engaging with the public about managing access to health records is required. The model needs to shift from the current position where others determine who can see your private health information, to a reality where the individual can decide who can see their information. The question is "how can we utilise the digital and mobile technology currently available to make this possible"?
Imagine a system where you could go to a website (or an application on your mobile device) and from there nominate the health professionals that you approve to have full access to your health record, with or without any prior approval required. They are in your ‘circle of confidence’.
Also, when a health professional (not in your circle of confidence) wants to access your health record, they could swipe their individual bar code or finger-print into an application and send the request for access to your mobile device, in real time. This bar code would have embedded within it details about the requesting health professional including name, professional qualification, registration status, and facility where they work. The health professional would be able to state the reason for requiring access and the length of time for which access is required. From that mobile device application, you can then either approve or deny access, or add that person to your ‘circle of confidence’.
If you are at your family health physician's clinic and they wish to refer you to a specialist – the physician could send a message to the application on your mobile device from a link within the patient management system to enable you to add this specialist to your ‘circle of confidence’ prior to the specialist service receiving the referral!
Imagine also, when you travel overseas and need to access healthcare. The healthcare provider could request access to your health record in your home country - your actual personal health record!
The power would be with the individual. The individual would control access. For those times when such control is not possible, through either an emergency situation or incapacity, there would be the option for the health professional to ‘break the glass’ and gain access. They would need to provide such information as to who they are, and why they needed this access, so after the event you can gain assurances from reviewing your access log, that the access was appropriate.
A new model of engaging with the public about managing access to health records is required. The model needs to shift from a situation where others determine who can see your private health information, to a reality where the individual can decide who can see their information. The question is how can we utilise the digital and mobile technology available to make this possible?
Imagine a system where you could go to a website, or an application on your mobile phone, and from there nominate the health professionals that you approve to have full access to your health record, without any prior approval required. They are your ‘circle of confidence’.
Or, when a health professional (not in your circle of confidence) wants to access your health record, they swipe their individual bar code or finger-print into an application and send the request for access to your mobile phone in real time. This bar code would have embedded within it details about the health professional including name, professional qualification, registration status and facility where they work. The health professional would be able to state the reason for requiring access, and the length of time that access is required for. From your mobile phone application, you can then either approve or deny access, or add the person to your ‘circle of confidence’.
If you are at your family health physician and they wish to refer you to a specialist – the physician can send a message to your application on your mobile phone from a link within the patient management system to enable you to add this person to your ‘circle of confidence’ prior to the specialist service receiving the referral!
Imagine when you travel overseas and need to access healthcare. The healthcare provider can request access to your health record in your home country, making it really your personal health record!
The power would be with the individual. The individual would control access. For those times when such control is not possible, through either an emergency situation or incapacity, there is the option for the health professional to ‘break the glass’ and gain access. They would need to provide the information on who they are, and why they needed this access, so when recovered, you can gain some assurances that the access was appropriate.
- Persons subscribed to this system would have full control over who can access their health record, without the need for further audits on access.
- Finger-print or bar-code identification for health professionals, containing all relevant information, provides security of authenticity of the health professional making the request.
- Potential for reduced demand on health provider organisations to audit access.
- Health professionals have better access to comprehensive health information about the individual enabling better decision-making relating to treatment options.
- Support the 'connectedness' of all health records held across different health information management systems.
- An emergency situation where a person cannot provide consent. The solution for such occasions would be a 'break the glass' option, where access can be pushed through, but with a report available for the individual or family at a later date.
- A situation where a person is not competent to consent. The solution for this circumstance may include either transferring the right of consent electronically to the legally designated person responsible to act on behalf of that individual, or maybe these circumstances do not lend themselves to this system.
- Occasions where the individual does not respond to the request for access. The solution for such circumstances may be that the system is configured such that, following a specific number of unanswered requests, the 'break the glass' scenario could be applied. In such situations, a message would be sent to the individual to inform them of this action. This places the responsibility back on the individual that holds the power to control access. This could form part of the informed consent that is obtained at the sign-up of the individual.
- Technological challenges in terms of integrating with the numerous patient management and electronic record systems internationally. The solution to this may be that the application works through a system that is external to the various systems, but is linked through a URL.
- Persons may wish to have parts of their health record private and other parts accessible to only some health professionals. The solution here may be to segment the health record into distinct access levels with the ability to mark specific segments private. In such circumstances, part of the request received on the mobile phone may specify the components of the record that are to be made available.
- Maintaining records of the users' mobile device numbers. The concept behind this system is to give power to the individual, but with power comes responsibility - the responsibility of maintaining currency of such information. The solution here would be two-fold. Firstly the person would be able to access a web-link to change information on line such as mobile phone numbers and 'circle of confidence'. Secondly, on sign up, the individual would need to be fully informed of their responsibilities, including the potential consequences associated with not responding to requests.
- Development of URL and the Application.
- Development of finger-print and / or bar code identification system for health professionals.
- Establish linkages between the Application to health records to enable access to be approved through use of the Application.
- Establish linkages between finger-print / bar code system and URL and Application.
- Assurances of security integrity throughout the system.
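The access decision described above (circle of confidence, time-limited approvals, private segments, and 'break the glass' with a recorded reason) can be sketched as follows. This is an added example, not part of the original proposal. It assumes clinician identity has already been verified, that private segments always need an explicit approval, and that break-glass overrides them; all names and sample values are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class ConsentPolicy:
    circle: set = field(default_factory=set)    # clinicians with standing access
    private: set = field(default_factory=set)   # segments the patient marked private
    grants: dict = field(default_factory=dict)  # clinician -> (expiry, segments)
    log: list = field(default_factory=list)     # access log the patient can review

    def approve(self, clinician, segments, now, minutes):
        """Patient approves a request for the named segments and duration."""
        self.grants[clinician] = (now + minutes * 60, set(segments))

    def check(self, clinician, segment, now, break_glass_reason=None):
        """Decide one access attempt and log it, whether allowed or denied."""
        expiry, segments = self.grants.get(clinician, (0, set()))
        if break_glass_reason is not None:
            # Emergency override: refused unless a reason is actually given.
            allowed = bool(break_glass_reason.strip())
            basis = "break-glass" if allowed else "break-glass-no-reason"
        elif now < expiry and segment in segments:
            allowed, basis = True, "approved-request"
        elif clinician in self.circle and segment not in self.private:
            allowed, basis = True, "circle"
        else:
            allowed, basis = False, "needs-request"
        self.log.append((now, clinician, segment, basis, break_glass_reason))
        return allowed, basis

def demo():
    """Constructed scenario; all ids and segment names are made up."""
    p = ConsentPolicy(circle={"gp-1"}, private={"mental-health"})
    out = [p.check("gp-1", "medications", now=0),        # circle member
           p.check("gp-1", "mental-health", now=0),      # private segment
           p.check("spec-7", "medications", now=0)]      # outsider, no approval
    p.approve("spec-7", ["medications"], now=0, minutes=30)
    out += [p.check("spec-7", "medications", now=600),   # inside the 30 minutes
            p.check("spec-7", "medications", now=1800),  # approval has expired
            p.check("ed-3", "mental-health", now=2000, break_glass_reason=" "),
            p.check("ed-3", "mental-health", now=2000,
                    break_glass_reason="unconscious on arrival")]
    return out, p.log

if __name__ == "__main__":
    decisions, log = demo()
    for entry in log:
        print(entry)
```

Every attempt is logged, including denials and refused overrides, so the access log the individual reviews afterwards shows who asked, for which segment, on what basis, and with what stated reason.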
Ruth Kibble. MBA Student, Massey University New Zealand.