The data are there. Let patients have them. Here’s why.

patient health data electronic medical record patient-controlled health records

Twenty-two years ago, MIT computer scientist Peter Szolovits put forward the idea of creating online repositories where patients could bring all of their health data and manage who can access it. Since then, the health IT industry has made a couple of attempts to create such patient-controlled health records (PCHRs; think Google Health and Microsoft HealthVault).

In reality, patients are no closer now to having direct access to and control over their health data than they were in 1994. But maybe now the time is right. What the health care system has finally achieved, Kenneth Mandl, MD, MPH, and Isaac Kohane, MD, PhD, of Boston Children’s Hospital and Harvard Medical School (HMS), say in The New England Journal of Medicine (NEJM), is the critical mass of supply and demand that should help get PCHRs off the ground:

  • With widespread adoption of electronic medical record (EMR) systems, at least some of any given patient’s data are likely available electronically, albeit locked up within individual institutions.
  • Patients want to be able to manage their health information.
  • Providers, developers and researchers are calling for access to those data.

So what more, Mandl and Kohane ask, needs to be done?

The need

“Patient expectations have finally caught up with Szolovits’s aspirations for a ‘guardian angel’ digital assistant that cares for a patient over a lifetime. Consumers expect to have their data available and sharable,” Mandl (director of Boston Children’s Computational Health Informatics Program [CHIP]) and Kohane (a CHIP faculty member and director of HMS’s Department of Biomedical Informatics) write. “Other industries have embraced similar principles: in response to customer demand, for example, Facebook now enables users to download their own data.”

The pair goes on to cite five reasons for restructuring the health care system around the PCHR concept:

  1. A patient could gather all of the data from all of her health care encounters in one place, providing a more complete picture of her health than the data in institution-specific patient portals ever could. “A patient-controlled record allows each patient to become a health information exchange of one,” Mandl says. “As data accumulate in a patient-controlled repository, a complete picture of the patient emerges.”
  2. Providers from multiple institutions could coordinate more effectively in the care of a single patient.
  3. Patients who want to contribute their data for clinical or health services research could do so easily.
  4. Giving patients read/write access to their information would let them augment the data and correct errors in the records, creating richer, more accurate data.
  5. The data access facilitated by PCHRs would nurture the development of intelligent health care software or health care apps.

It’s time to re-evaluate what the fundamental architecture of the health care system should look like.“[A]ctivated patients [like Matt Might] … represent the tip of an iceberg of dissatisfaction with health care and need for greater data access and control,” the pair write. “The requisite technology is no longer mysterious or expensive; it’s a set of commodity-level toolkits for data exposure, transfer, and storage.”

The solutions

So what can be done to bring the new information economy about? Mandl and Kohane outline four overarching steps:

  1. Strong incentives from the Centers for Medicare and Medicaid Services and private insurers for health care organizations to provide data to patients.
  2. Development, backed by federal health care IT policy and demand from purchasers of health systems, of uniform, standard, public application programming interfaces (APIs) to catalyze the development of an ecosystem of health data apps for providers and patients.
  3. Creation of tools by which patients can set permissions and consents for who can access their health data and for what purposes.
  4. Adoption of rigorous authentication frameworks akin to those in the e-commerce industry to provide data security and accountability.

“It’s time to re-evaluate what the fundamental architecture of the health care system should look like,” Mandl says.

Learn more in Mandl and Kohane’s NEJM Perspective.