GEHR philosophical background info

Hi Sam,

BW: This is a really interesting problem space to me. I’ve been studying HIPAA (the Health care Information Portability and Accountability Act) and have become fascinated with the discussion over how best to balance the needs of the various parties involved in the provision and payment of healthcare services so as to improve the quality and decrease the cost of health care here in the U.S.. Talk about a non-trivial problem! Interestingly, it looks to me like all the nonsense can be traced back to the health record and some fundamental questions about who owns it, who controls access to it, etc. Thanks again for sharing. Hope to hear from you soon.

SH: I agree - it is fascinating. Can I point you to our (original work on this - quite philosophical) which I wrote with Len Doyal - a professor of medical ethics in London.

http://www.chime.ucl.ac.uk/work-areas/ehrs/GEHR/Deliverables.htm#D8

I hate to ask this, but is there one deliverable you could point me to that contains the philosophical stuff? I’m up to my eyeballs right now and I can see there’s a whole bunch of good stuff at the Chime site on GEHR that I’ll have to get to asap.

Thanks,
Bill

I’ve been following these discussions with a lot of interest. So I guess it’s time for me to put in my two bits. While I’ve seen a couple of references to ownership of the medical record, I haven’t seen anything definitive that defines it (e.g. patient, provider, legal custodian of record, etc., or some combination). It seems like this question needs to be clearly agreed on before issues of access can be identified. (It also could be a partial solution to distinguishing between the terms EMR, EHR, EPR). HIPAA aside, it seems that there may be some different legal issues about ownership that would also have implications for access. Any thoughts?

“Bill Walton” bill.walton@jstats.com 04/28/03 12:32PM >>>

Hi Sam,

BW: This is a really interesting problem space to me. I’ve been studying HIPAA (the Health care Information Portability and Accountability Act) and have become fascinated with the discussion over how best to balance the needs of the various parties involved in the provision and payment of healthcare services so as to improve the quality and decrease the cost of health care here in the U.S.. Talk about a non-trivial problem! Interestingly, it looks to me like all the nonsense can be traced back to the health record and some fundamental questions about who owns it, who controls access to it, etc. Thanks again for sharing. Hope to hear from you soon.

SH: I agree - it is fascinating. Can I point you to our (original work on this - quite philosophical) which I wrote with Len Doyal - a professor of medical ethics in London.

http://www.chime.ucl.ac.uk/work-areas/ehrs/GEHR/Deliverables.htm#D8

I hate to ask this, but is there one deliverable you could point me to that contains the philosophical stuff? I’m up to my eyeballs right now and I can see there’s a whole bunch of good stuff at the Chime site on GEHR that I’ll have to get to asap.

Thanks,
Bill

Hi Paul,

I agree completely that the ownership question is fundamental. Until recently I was under the mistaken impression that everybody agreed that the patient owned their medical records and that physicians were simply the stewards. Then I discovered that, as of the early '90’s, fewer than one third of the states here in the U.S. even had laws that required that patients be given access to their records. So yes, I think that clearing up the question of ownership is ultimately necessary. And I’m hoping that the move to electronic form will, at least in part, both precipitate that discussion and facilitate the implementation of what I perceive to be the obvious answer.

Best regards,
Bill

Bill,

Without federal legislation or some consensus upon formally adapted professional standards there will be much room for interpretation of ownership of patient records. I was in a situation about two years ago where I was working with a university affiliated primary clinic in which the university claimed ownership of the records and wanted open access to all patient records (they were on a fishing expedition). Clinic staff took the position that any access to the medical records other than where there was a “right to know” (e.g. defined audit) required patient consent. The judge ruled in favor of the University and levied a hefty fine against clinic staff (myself included) for blocking access to the University’s records… My point is that until the issue of ownership is clearly spelled out, questions of access are going to be left to the discretion of judges and attorneys!

Paul Juarez

“Bill Walton” bill.walton@jstats.com 04/28/03 01:32PM >>>

Hi Paul,

I agree completely that the ownership question is fundamental. Until recently I was under the mistaken impression that everybody agreed that the patient owned their medical records and that physicians were simply the stewards. Then I discovered that, as of the early '90’s, fewer than one third of the states here in the U.S. even had laws that required that patients be given access to their records. So yes, I think that clearing up the question of ownership is ultimately necessary. And I’m hoping that the move to electronic form will, at least in part, both precipitate that discussion and facilitate the implementation of what I perceive to be the obvious answer.

Best regards,
Bill

Hi Paul,

I can’t tell where you’re located but if you’re here in the U.S., HIPAA’s Privacy Rule went into effect on the 14th of this month and went a long way toward resolving this problem. Your case is a good example of the reason HIPAA was instituted. Although it doesn’t clearly address the ownership question, it’s pretty comprehensive in terms of the “use and disclosure” of individually identifiable health information. I’m not an attorney but, from my reading of HIPAA, the situation you describe would have a different outcome in the U.S. today.

Best regards,
Bill

Hi Paul,

There was likely an assignment executed by the Patient to the University
covering ownership, the assignment required prior to the Patient being
treated at the University-affiliated Clinic. These are tricky as are
arbitration agreements, usually found before or after the assignment. Did
you have an attorney review it?

In New York, my Grandmother assigned my Grandfather to a University research
clinic to be able to access the latest in cancer research. He never made it
out of the Hospital.

One can assign their right to receive income from a property to another and
the assignment, if legal, will be upheld. Our legal systems may produce
strange results in such cases. My Grandfather lived for almost one year
thereafter.

Some legal systems protect Patient records and privacy; others do not.
Bottom line is you give the Clinic only what is necessary and when it is
necessary. The assignment problem is easily handled and best described by an
attorney.

Since my focus is Patient Centered Healthcare, which requires some form of
Secure Data Store, the records are owned by the Secure Data Store.

You are very right concerning the involvement of judges and attorneys. The
legal issues must be handled up front.

-Thomas Clark

Yes.
The problem is that in Europe, the USA, Canada, Australia, etc, there are
many legal systems.
One generic solution that will fit all will be difficult.

The problem is intractable because it is a problem with at least 5 degrees of
freedom, if not more.

In order to solve this we need discussions on:
- Descriptions of contexts,
- Type of infrastructure (pull/push, federation/messaging, MAC/DAC, the level
of social (persons) control versus the dependency on technology for control,
etc.),
- What is stored in the audit-log,
- Scenarios / use cases.

And then we can have nice discussions as I read now on this list.

One solution is to assume for the discussion the existence of a Service next
to the EHR service that will control access. And that the EHR service is
completely ignorant and passive for this Access Service to operate. Then
each country (legal jurisdiction) is able to handle its own context.
And we all can use the same standard for the EHR.
The Access Service will act as 'firewall' and has all the responsibilities
for granting access.

Personally I favour this simplistic approach.
But I know there are two major contexts:
- within a legal entity
- between legal entities.
In an institution there can be a mix of these two.

Within a legal entity I will depend on social measures and therefore audit
trails for security. For this solution we need a set of agreed rules plus a
discussion on the content of the audit-trail.
Between legal entities information can only be exchanged when a person
consciously accepts responsibilities for a set of information to be shared
for a specific purpose with a specific set of other persons. The provisions
for exceptions need to be spelled out completely. Here again the audit-trail
and a set of rules are needed. But foremost it must be one person that takes
full responsibility.
As you can see I try to solve the problem by not depending too much on
informational facilities in any EHR. But I will depend on the audit-trail
where will be recorded what was published and what was accessed by whom, for
what purpose, etc. This is not part of the EHR.

The reason why I'm suggesting this way of solving the problem is:
- the problem of access control is about handling responsibility and proof.
Only persons can be held responsible
- Access control easily assumes that the evaluation of Identity, Role,
Participation, the trustworthiness of information (or sets of information)
are constants of time. All are not constant at all over time. Therefore we
cannot rely on machines to operate on value judgements (rules) from the
past. But we need judgements made by responsible persons as a reaction to a
request by another responsible person as much as possible.

Gerard

Gerard Freriks, arts

The ownership issue of medical information was a 10-year discussion in Europe. Several projects we have been involved in tried to analyse ethical and legal implications of personal medical information.
The interpretation of those issues is very different from country to country, from region to region, from institution to institution and even from scientist to scientist. All official documents of the European Union, such as the EU Data Protection Directive from 1995, which has meanwhile been implemented in all EU Member States, avoid the term ownership. In many circles, we talk about a common responsibility of doctor and patient within the trustworthy doctor-patient relationship.
Therefore, the practical realisation of corresponding activities is also handled differently. Many Healthcare Establishments hand over the original materials to the patient. On the other hand, legislation for documentation requirements and liability issues requires the originals to be with the institutions. As you can see, the responsibility paradigm seems to be a logical way - and all standards work items orient to the responsibility paradigm. This means, on the other hand, that without consent of the patient (which could be defined at action level or at role level), the doctor has no right to access and to communicate patient's personal information.

Best regards

Bernd

Paul

I’ve been following these discussions with a lot of interest. So I guess it’s time for me to put in my two bits. While I’ve seen a couple of references to ownership of the medical record, I haven’t seen anything definitive that defines it (e.g. patient, provider, legal custodian of record, etc., or some combination).

Some countries are giving legal ownership to the patient - and if it moves anywhere it will be there. The author has copyright. Ambiguous ownership has major advantages - and access can be legislated without solving the access problems.

Cheers, Sam

It seems like this question needs to be clearly agreed on before issues of access can be identified. (It also could be a partial solution to distinguishing between the terms EMR, EHR, EPR). HIPAA aside, it seems that there may be some different legal issues about ownership that would also have implications for access. Any thoughts?

Hi Bill,

I am part of the openEHR team in Australia and am also a GP (part time) and heavily involved in health informatics standards development. One of the first work items in ISO/TC 215 (Health Informatics) when it was formed five years ago was titled “Ownership and Access to the EHR”. This was proposed and led by New Zealand - Mike Mair in fact - and this was where he first proposed his immunological model of access.

Very early on in the life of this project, we agreed unanimously (including the US) that the question of ownership of the EHR was

a) not resolvable in an international context due to marked jurisdictional differences between countries, but more importantly;

b) the question of ownership is not really all that relevant in the case of the EHR – it is who controls access that is crucial – control of access equates to at least de facto “ownership”.

The name of the NZ-led project was subsequently changed to just “Access to Electronic Health Records” but the project was never completed, due in large part to demarcation disputes between the EHR working group and the Security working group. This illustrates the need to make work items like this cross vertical silo boundaries because both the technical (which predominates in Security WGs) and clinical (which predominates in EHR WGs) inputs are needed. We currently have a work item in Standards Australia of the same name which is being led by Sam but we are doing this as a joint project between the EHR and Security WGs. There is also a new work item in TC 215 being led by Bernd Blobel in WG4 (Security) and called “Privilege Management and Access Control”. The scope of this work item is broader than just access to the EHR but it is very relevant nevertheless. I’m sure Bernd would be happy to give an update on the latest status of this project.

Questions of ownership, custodianship, stewardship etc will still be considered important in particular jurisdictions (eg the GP is at least in theory the custodian of the EHR in the English NHS). Different jurisdictions will also have different opinions about who should control access to the EHR (and to what extent, in what circumstances etc). However, our Working Group 1 in TC 215 (Health Records and Modelling Coordination) was unanimous that it SHOULD be the patient/consumer who controls access to the EHR and therefore effectively “owns” the EHR.

In Australia, the Federal Government is quite clear that the patient/consumer will control access to her/his EHR. Unfortunately, the fine details of how this will be implemented have not yet been worked out in terms of the eConsent and access control models. The Federal Department of Health last year ran a concurrent series of four eConsent projects. I was the clinical consultant for one of these and Sam Heard was the clinical consultant to another. There was lots of good material which came out of these projects including commissioned background papers and project reports, but we do not yet seem to be much closer to having an agreed and detailed national e-consent/access control model(s).

I would be happy to dig out the relevant background papers and reports if you or anyone else on the list would be interested.

Regards

Peter Schloeffel

Maybe you don’t know it, but since a law dated March 4th 2002, a French citizen has the right to access his complete medical record himself and to get a copy of it without any kind of restrictions.

Hi all,
Just wanted to make folks aware of the available standard from the OMG Healthcare Domain Task Force (HDTF) that addresses security in a Health Care setting. The Resource Access Decision (RAD) Facility (http://www.omg.org/cgi-bin/doc?formal/2001-04-01) is a mechanism for obtaining authorization decisions and administrating access decision policies. It enables a common way for an application to request and receive an authorization decision.

As we designed and developed this specification and since the HDTF is in the business of providing the “how” we looked to those standard bodies that are in the “what” business to define the following which could then be used in conjunction with RAD:

  1. What is a resource that needs to be secured in Healthcare? The patient record, a piece of the record, a programming operation that may add, delete or modify the record, a person, a place, a web page, a box on a web page, etc.

  2. What is a policy that can be used to secure a resource? A policy can include rules about who can access, what group can access and what roles can access, you can also have time constraints associated with a policy.

Definitive answers to these questions were not available and we designed and developed the standard in an extensible manner to allow resources and policies to be defined by the organization using the standard with hopes that someday there may be commonly available terms for these resources and policies (but not to hold one's breath).

What we are currently experiencing with our customers, who are utilizing our implementation of the standard, is that they are defining their own policies for their secured resources in light of waiting for some standards body to define what resources and policies are. With the advent of HIPAA in the U.S. our U.S. customers have something to work with in terms of defining what policies need to be created and what resources need to be secured.

Tom
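The separate access service proposed earlier in the thread (a passive EHR store with all decisions and the audit trail held beside it) and the resource and policy questions above can be sketched together. This is an added example, not the RAD interface or any poster's code; every class, function, resource name and policy value in it is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time

@dataclass(frozen=True)
class Policy:
    """One rule on a named resource: which roles, for which purposes, when."""
    roles: frozenset
    purposes: frozenset
    start: time = time(0, 0)          # time-of-day window (inclusive)
    end: time = time(23, 59, 59)

@dataclass
class AccessService:
    """Decision point beside the record store; holds all policy and the audit trail."""
    policies: dict                                 # resource name -> [Policy, ...]
    audit: list = field(default_factory=list)      # kept outside the EHR itself

    def _rules_for(self, resource):
        # A resource may be a whole record or a piece of it. The most specific
        # name with rules wins, so a sensitive section can be tighter than
        # the record around it. No matching name means no rules: default deny.
        parts = resource.split("/")
        while parts:
            rules = self.policies.get("/".join(parts))
            if rules is not None:
                return rules
            parts.pop()
        return []

    def decide(self, user, role, resource, purpose, now):
        allowed = any(
            role in p.roles and purpose in p.purposes
            and p.start <= now.time() <= p.end
            for p in self._rules_for(resource)
        )
        # Denied requests are recorded too: the trail is the evidence.
        self.audit.append({"when": now.isoformat(), "who": user, "role": role,
                           "resource": resource, "purpose": purpose,
                           "allowed": allowed})
        return allowed

class RecordStore:
    """Passive store: returns data and knows nothing about policy."""
    def __init__(self, data):
        self._data = data

    def get(self, resource):
        return self._data[resource]

def read(service, store, user, role, resource, purpose, now):
    """Every read goes through the decision point before touching the store."""
    if not service.decide(user, role, resource, purpose, now):
        raise PermissionError(f"{user} denied {resource} for {purpose}")
    return store.get(resource)

# Constructed sample data and policies (not taken from any real system).
STORE = RecordStore({"ehr/1001/allergies": "penicillin",
                     "ehr/1001/mental-health": "session notes"})
CARE = frozenset({"treatment"})
JURISDICTION_A = AccessService({
    "ehr/1001": [Policy(frozenset({"gp", "nurse"}), CARE)],
    "ehr/1001/mental-health": [Policy(frozenset({"psychiatrist"}), CARE)],
})
JURISDICTION_B = AccessService({   # same store, stricter local rules
    "ehr/1001": [Policy(frozenset({"gp"}), CARE, time(8, 0), time(18, 0))],
})
```

The same store is served by two policy sets, so each jurisdiction changes only its own `AccessService` while the record format stays shared.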

Hi Gerard,

Great! Agree! Thanks!

-Thomas Clark

The EU approach to the ownership of medical records is in my opinion the
best, reasoned approach. However, this constitutes, in essence, a single
legal system in a global community and there are many. At any time one or
more of these communities can be in a process of restructuring and/or modifying
codes that could potentially affect EHR ownership. Enforcement can also be a
variable as can code on the books that conflict with existing, enforced
code.

I have lived in towns and cities that have refused to filter 'old' code and
not because it appears funny and ridiculous today but because if more recent
code is successfully attacked, modified or overturned the 'old' code is
effective and legal. It is a strategic way of running a legal system.

OpenEHR security will always have to address ownership issues regardless of
the legal forum. A change of administration translates into changes in how
daily lives must be conducted. Adaptability is key to survival. HIPAA itself
is a prime example of competing forces that will continue to shape it even
though it has been enacted and made effective. Legislative bodies legislate
and change things. Designing a standard or a system in total conformance to
today's version without adaptability is not a good idea.

OpenEHR security must function within a human information system not a
computer-based system. Wish it wasn't so because handing down a set of
commandments in a computer-based system is considerably different, an
example being the successful specification of security features for a Secure
Data Store. We haven't had this much luck in human-based systems.

Healthcare itself is dynamic and is likely to place even more burdens on
OpenEHR security, e.g., remote monitoring, diagnosis, prescription and
surgery. For example, Elizabeth Maher has submitted a short, recent response
to the post "Re: EPR vs. EHR" that reads:

vvvvvvvvvv
The English National Health Service makes an explicit distinction
between the "cradle to grave" EHR and the Electronic Patient Record
(EPR) which is used to record episodic or periodic healthcare. The EPR
is a more generic term and is inclusive of other forms of periodic or
episodic health care besides medical care. The proposed ISO definition
of the EPR is the same as that of the English NHS except for the
addition of the word "episodic".
^^^^^^^^^^

It is timely since it points out that there are non-medical sources of
information that will ultimately have to be considered, e.g., mental health.
Each source of information may have a security system separate and distinct
from OpenEHR. The interface between security systems cannot be dropped, they
must somehow be integrated.

"episodic" (includes events, 'one-of-a-kind') records may or may not be
important, e.g., the Patient was required to visit a Clinic in China during
a business trip within the past two weeks. Records that may or may not have
to be integrated but were created and maintained (hopefully) within some
security system. Integration would have to be handled consistent with
current (at the time) OpenEHR standards.

Solutions include encapsulation of 'stray' records into a child EHR; easily
controlled and stored. Interestingly encapsulation may also apply to EHRs
created and maintained in different legal jurisdictions.

SUGGESTION:
Local, regional, national and global security monitoring and control is
needed but may be dissimilar in many respects. Ownership issues will remain
a plague. One might structure a response to include the assignment of a
right to copy today's EHR and pertinent history with copy ownership
remaining with the Healthcare Practitioner or Organization.

-Thomas Clark