You Have My Data, Where’s My Access?

Jurisdictional EHRs across Canada are reaching the point where they have enough years’ worth of data to make it worthwhile to give consumers access to their data. Numerous studies have shown that the proper application of consumer eHealth applications can reduce costs, increase patient satisfaction, and improve outcomesi. So why are organizations across North America struggling to figure out the best methods to give consumers access to their health informationii.

Notwithstanding any legal, regulatory or policy barriers, two of the biggest challenges are related to the business process associated with initial identity proofing of the consumer and integration of their health information from across multiple data sources. The good news is that architectural patterns and supporting standards are starting to be adopted to help resolve these challenges.

From an application perspective, industry literature often describes two ways to give consumers access to their electronic health information through untethered and tethered applications.

Untethered applications, such as a standalone Personal Health Record (PHR), are applications that allow a person to manually enter their own health information or effectively import it from another source, giving people control over what information they chose to collect. Importing wellness data from something like a Fitbit device or calorie counting app on a person’s phone has the usual challenges of agreeing on common data standards between different companies. The bigger challenge though is getting a person’s health data from another organization imported into their untethered application.

In the US, the Blue Button initiative legislated in the US effectively gives consumers the ability to access a website provided by their health service delivery organization (e.g. a hospital or family physician) or their insurer and download their health data in the HL7 Consolidated Clinical Document Architecture (C-CDA) format and import it into their untethered application if it supports the Blue Button framework of standards. In theory, untethered applications that can export data following the same set of standards allows consumers to then choose with whom to share their information. The benefit of this approach is that it can simplify some aspects of managing consent because the consumer is in control of who they share their data with.

Sharing data using this model leads to challenges in data provenance (i.e. ensuring that metadata about where the data initiated from stays with the data throughout any exchange) and data immutability (i.e. ensuring the data is not altered from one source to the next). For consumers with chronic diseases or complex care needs with multiple providers, constantly gathering and sharing data from the different providers is difficult. Furthermore, many consumers have cited barriers to sharing because the receiving software can’t handle the different C-CDA implementations due to some of the inherent flexibility of C-CDA and the sheer number of different types of documents consumers haveiii.

In the US, the National Association for Trusted Exchange (NATE)iv is a non-profit organization that is doing excellent work to help overcome some of the legal, policy and technical barriers to providing consumers access to their information, by helping trading partners establish ‘trust bundles’ that allow organizations to have common agreements that their applications support the same data provenance, immutability and security methods, as well as adhere to applicable legislations such as HIPAA.

Applications such as a patient portals or other application that can directly access a person’s health data safeguarded by a single organization are often referred to as ‘tethered’. This term implies that the application can only access patient’s data in the organization’s systems such as a cloud based EMR or HIS. This approach simplifies the data exchange standards challenge, because the tethered application is designed to work with the organization’s systems that house the consumer’s health data. The tethered approach can simplify the ‘trust model’ as a single organization is responsible for ensuring the consumer facing application adheres to the same legislative, policy and security requirements. But it, may limit the ability of the consumer to import other data or share the data with another provider.

Regardless of the application type, a consumer who wants electronic access to their health data from their provider has to be authenticated. Before credentials such as a user name and password can be issued to a consumer, their identity has to be confirmed. This process is often called identity proofing. The National Institute of Technology (NIST) developed a framework that describes four levels of assurance for confirming a person’s identityv. NIST Level 3 generally requires an inperson confirmation of a consumer’s identity, such as presenting photo ID at a point of service, before issuing any authentication credentials to them. NIST Level 3 is emerging as the common approach selected by organizations like the Veterans Health Administration who want to give consumers access to their health information.

In Canada, identity proofing represents a significant business barrier to providing consumers with access to information the jurisdictional EHR. Inperson identity proofing and issuing of authentication credentials would require jurisdictional governments to work with other organizations that are able to authenticate a consumer at a point of service, such as in a primary care clinic, hospital, or a government services office that renews health cards. This method would require extensive training for the people at the point of service as well as potentially new funding models given the mandate to provide a new service. A change of this magnitude is never cheap and can quickly become a pawn in political battles related to compensations and budgets. Adding to the jurisdiction’s cost burden is the need to provide ongoing technical support for consumers who forget their user name or password.

The system benefits of consumer access to health information vary greatly between different populations, whether defined by age, socioeconomic factors, or health concerns (e.g. diabetes vs. dissociative identity disorder). Given the business and technical complexities of providing consumers with access to the information in the EHR, it’s understandable that the cost-benefit analysis is not a simple task and jurisdictional governments across Canada are proceeding cautiously into this space.

i Understanding the Gap between Desire for and Use of Consumer Health Solutions. Zalmer and Hagens. Accessed from http:// on May 15, 2015.

ii http://www.healthdatamanagement. com/news/Patient-Access-to-Medical- Records-Remains-Hindered-51256-1. html?zkPrintable=true

iii http://www.healthdatamanagement. com/news/Patient-Access-to-Medical- Records-Remains-Hindered-51256-1. html?zkPrintable=true


v campus-initiatives/user-authentication-levelsassurance/

share this article...
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn