Monday, February 21, 2011

Your private health information: Could it end up on YouTube?

Ok, imagine this.

You take a video of your little girl's soccer practice with your iPhone. Within moments it's posted on YouTube for the grandparents to see.

Minutes later search engines called spiders begin to crawl across the data set of images on your upload. Face recognition technology identifies a face on the video and, with some assistance from the geo-tagging of the built in GPS metadata that accompanied the upload, gets a general location of where the video was made.

It determines that your child has other photos posted on Flickr and also a photo in the local newspaper. Now it associates a name with the face. The name might be associated with a Facebook account.

Maybe there's an article that mentions a parent. The data discovery evolution continues continually attributing identifying information. The parent's information is exhaustive, but most importantly it contains an address.

From a face on a cell phone video, a sexual predator might discover the home and contact information for your child.

All searchable by keyword: soccer, girl, Facebook, my home town.


Its easy to see the danger the internet can pose to children. We all know that. From Net Nanny to Web Watcher there are software and web packages that purport to protect our children.

They are good. But not perfect.

Health information interconnectivity is considered the holy grail of disease management.

In fact, most experts, including me, feel that without a robust means of health care providers sharing information we can never achieve the cost and quality metrics required for optimal health care delivery.

Especially as we enter the world of the ACO - accountable care organizations - where multiple providers may very well be paid to manage the health care of an individual patient, it will be essential to share information.

Cost savings will be dependent on reducing duplicated tests, encouraging patients to fill needed prescriptions for their diabetes or hypertension, or reminding and scheduling patients for preventative health measures like mammograms or a colonoscopy.

And patients will like it.

Can you imagine a doctor visit for an elderly patient where medicines are continually updated including whether they were even filled at the pharmacy?

We have that now in our office and many physicians subscribe to pharmacy data information that can help us know what medications patients are using.

In addition many offices and emergency rooms have access to claims data for some insured patients.

What does this tell you? Well, for one thing, it can report what you have filed on your health insurance as a recent claim including diagnosis codes for illnesses, visits to other emergency rooms or health providers, and procedures you may have had.

It certainly isn't perfect - the coding has to be right and it's stale (often not being updated for months) - but it provides a snapshot of the health care services that you received which in a pinch can provide a physician with some idea of your medical background.

Some insurers will also report medical allergies to round out the picture.

But the problem here is that all the information is fragmented. There are multiple sources, many that are not up-to-date or recent, and they are on many different databases.

The word thrown out a lot by governments and policy gurus is "data warehousing." This would be a central repository of all the available information that could be accessed securely and updated.

The benefits could be great: better managed health care for individuals and populations. Maybe less visits to the emergency rooms for diabetics, fewer readmissions to the hospital for patients with congestive heart failure, and less unnecessary tests for patients with chronic diseases.

The concept of disease case management might be able to lower cost and improve quality. A value statement that would be hard for anyone to argue with.

But are our privacy rules robust enough to protect our patients?

That's really the question.

So imagine these scenarios.

A school district during a new hire review of a teacher discover that she's taken antidepressants in the past. Would this be a good employee to hire?

A drug company does a database query for men with erectile dysfunction as a diagnosis code and who have been prescribed Viagra. They are sent emails and junk mail advertising a new little blue pill.

Your company hires a consultant to lower health insurance costs for your employees. They sell a product that searches the web and ranks future applicants on past health care costs and usage and provides a score. With a high score an applicant doesn't get an interview.

You file a disability claim on your short term disability plan. Your insurance company, by finding your face on a YouTube video and attributing a name, sees that you can play on a YMCA flag football team. See the problem here?

You could write hundreds of these scenarios. Does it mean that we have to shut down interconnectivity and data sharing of sensitive health information?

No. We can't afford too.

We must continue to move the ball forward to achieve quality and cost improvement.

We have no other option.

But it does raise the concern that as we get more and more data on the web, and more and more sophisticated in our processing power, there will be big problems with patient's privacy.

The best thing that could happen would be a systematic process -- where everyone works together -- to create a unified secure database with strong patient protection rules, including who can access the data and how it can be used.

For now we are left with a fragmented system where companies and governments are creating their own plan and their own data warehouses. All of these will have their own rules, security, data, and problems.

So am I scared of posting something on Facebook?

Absolutely not.

Do I think someday someone will be posting the status of my high blood pressure?


- Posted using BlogPress from my iPad

Location:Dallas, Texas

No comments:

Post a Comment