How Patients and Providers Might Exchange Information in Encounters that Maximize Patient Privacy

We in health information technology have been talking incessantly about the importance of data sharing to promote higher-quality health care. We are convinced that sharing healthcare data will lead to better decisions with fewer unnecessary tests and more appropriate therapeutic decisions. Unfortunately, the evidence does not support this contention. Meta-analyses have not found clear evidence to support medication reconciliation interventions, access to radiology reports to reduce overall radiology utilization or access to a discharge summary to improve healthcare value.

Before we develop yet another approach to data sharing, maybe we should revisit our assumptions about what might be needed for higher quality healthcare. In 2001, the the Institute of Medicine (now the National Academy of Medicine) outlined six dimensions for the American healthcare system: safe, effective, patient-centered, timely, efficient and equitable. Huang et al. suggest healthcare commodification filters a patient’s trust in a specific physician (including competence, honesty and fidelity [fiduciary role]) through consumerism, conflicts of interest and risk of unmet care needs. Gambetta defined trust as a “particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently of his capacity ever to be able to monitor it) and in a context in which it affects his own action.” Calnan and Rowe define three factors that make trust important at the encounter level: the vulnerability associated with being ill, the asymmetry of information between the two parties and the uncertainty about the intentions and competence of healthcare professionals.

Maintaining a patient’s confidentiality would appear to be a pre-requisite to obtain and retain that patient’s trust. We have been bombarded with recurrent healthcare data breaches (e.g., September 2011: Tricare, January 2015: Anthem Blue Cross [a competitor to my current employer], August 2019: Massachussetts General Hospital). Other industries are not immune (Facebook, Equifax, Home Depot, JP Morgan Chase, LastPass, US Postal Service). But even beyond securing healthcare data, healthcare providers have not acted honorably when using patients’ information to support their own intellectual property development.

Patients may prefer to share information in a “view-only” mode rather than providing electronic copies of the information to be subsumed into the provider’s electronic medical record for “deidentified” research. With online interactions, it is easier for patients to use different personas in different healthcare contexts. My primary care provider may know me as “Anupam,” but I may be “Julian” during my evaluation for sexually transmitted diseases and “Mark” for interactions with my psychiatrist.

Different healthcare interactions might demand different levels of information disclosure. For patients with new symptoms or persistently unexplained symptoms expecting to work with the team for a limited time, they may want to share all of their health records to help the team make a definitive diagnosis. Patients seeking a second opinion may also want to disclose as much information as possible. When starting a discrete episode of care, patients may limit what they share with a provider to only focus on those issues that are relevant to the episode. Finally, for those patients looking to establish care with a new healthcare team to manage multiple chronic issues for the foreseeable future, they may only share those pieces of their medical record they would prefer to acknowledge with a provider over months or years.

To protect a patient’s privacy and minimize the rework a healthcare team might do in subsequent encounters, both parties might agree to a minimum data set that includes information from the last three years (physician documentation, vital signs, active problem list, medication list, laboratory testing and imaging results) and over the patient’s lifetime (one-time events [vaccinations, medication allergies, operative reports). Each healthcare team may want their own “viewer,” so a patient might want a tool to display the relevant information to the team via automatic programming interface with view-only functions. A healthcare team that tried to ingest the information without the patient’s consent could jeapordize their relationship with the specific patient and any future patients who value their privacy.

Any diagnostic or treatment orders would need to be ingested by the tool managing the patient’s data. Today, an ordering provider must include a patient’s identifying information on a prescription. With new laws in place, a provider might submit the prescription electronically without a signature based on the interaction with the patient to be completed with the relevant identifying information when the patient identifies a diagnostic center or pharmacy to complete the order. Orders for controlled substances would need to be treated completely differently.

Patients who value their privacy are likely to pay out of their own pocket for encounters they would not want seen by others. Today, most medical providers only accept payment methods link to a single individual as identified by the financial world, but that may change if PayPal or digital currencies become more widely accepted. Payment might be contingent on receiving the only copy of the note with an acknowledgement that the patient could not sue the provider for medical malpractice.

What are the risks of increasing privacy between patients and providers? For patients without a clear explanation for their symptoms, it may be difficult for a healthcare professional to make a definitive diagnosis without the patient’s entire medical history. Some treatments may increase the risk of side effects when given concurrently with other regimens for unrelated conditions. Patients may choose to share additional information over the course of an encounter if they level of trust in the provider increases over the encounter. Payers and employers may have difficulty seeing all of a patient’s healthcare interactions to either adjust insurance premiums or budget healthcare costs for the future. A model variation might include demonstrating the relevant evaluation to a payer before initiating a discrete care episode. Treatments including addictive substances or medications with public health implications (e.g., antibiotics) may require a greater level of oversight than other treatments. Encounters that value patient privacy may reduce that patient’s ability to argue that a provider committed medical malpractice.

Online healthcare interactions might actually increase patient privacy rather than decrease it. Providers and healthcare systems who restructure their initial and follow-up interactions with patients to empower patients to retain as much data as possible while acknowledging the limitations of this approach in specific circumstances may have a market advantage as patients continue to be frustrated with how healthcare is currently delivered in this country.