Public comment to OHS opposing selling/monetizing personal medical records
PUBLIC COMMENT to the Connecticut Office of Health Strategy, HITO@ct.gov
March 4, 2020
Re: Public comment on Draft Consent Design Guiding Principles
Ellen Andrews, PhD, Board Chair
Thank you for this opportunity to provide comment on the Office of Health Strategy’s (OHS) proposed guiding principles on the Final Report and Recommendations of the Consent Design Workgroup. I listened in on some of the online meetings of the workgroup. For twenty years, the CT Health Policy Project, a nonpartisan nonprofit consumer advocacy organization, has worked to expand access to quality care for every state resident. We have several concerns with OHS’s process and development of a state Health Information Exchange (HIE).
We are especially concerned about plans to sell/monetize consumers’ medical records and data to insurers and Accountable Care Organizations (ACOs) with strong incentives to lower the cost of our care. There is considerable concern, supported up by evidence in the literature, that cost reduction by these entities can be generated by cherry-picking patients and by withholding necessary care. An HIE to connect individual healthcare providers caring for individual patients, with the patient’s fully informed consent, can both improve care and reduce costs. But allowing HIE access to insurers, ACOs, or any entity with financial incentives to deny care is unacceptable and further undermines already low levels of public trust in the healthcare system and state government.
It is not clear that the state’s plans for an HIE adds value to what already exists in our state. Seventy percent of Connecticut hospitals and 57% of doctors now share clinical information between health systems, rates above the national average. There are at least four functional HIEs operating in Connecticut now, with no taxpayer support. Any potential value of the state’s additional HIE is certainly not worth the risk to people’s care and eroding already low levels of public trust in the healthcare system.
The news is full of scandals and concerns about large entities selling our data without our consent or knowledge. Medical records are far more sensitive than browsing history or survey responses. Getting HIE privacy controls wrong risks discrimination, embarrassment, and worse for consumers. The absence of consumer controls will likely keep some people from getting necessary care, with serious consequences.
We are concerned that our private information will be in the HIE system and risky funding decisions will be made before a protective consent policy guaranteeing privacy and consumer control over our information are established. Funding needs when federal support is exhausted should not be a justification for ignoring consumer rights.
We urge you to develop, with proper public input, a consumer-directed consent policy with a robust public education effort to ensure decisions are informed. To build public trust, that process must be completely independent of and not controlled by OHS, the Health IT Advisory Council, or HIA, contrary to Recommendations #2, #3 and #19. The state has a terrible record of informing consumers of their rights. In Connecticut Medicaid’s development of the PCMH Plus program, built on provider financial risk for the total cost of care, required client notices were altered to remove description of patients’ risks.
A consent policy that requires consumers to choose between getting needed healthcare and risking their privacy is unconscionable. As providers will be required under state law to participate in the HIE, this is a very real concern.
The process of developing the guidelines, and the entire process to develop the state Health Information Exchange (HIE) are troubling. OHS’s workgroup meetings on consent were held online with minimal public notice. The consumer advocate on the consent workgroup was treated disrespectfully despite having a deep knowledge of HIEs and privacy/security issues. When it became clear that the workgroup could not come to consensus on a policy, it was decided to end with vague guiding principles.
In a very unusual decision, the HIE is being developed through a nonprofit, Health Information Alliance Inc. (HIA), to run the HIE with millions of tax dollars rather than a governmental entity subject to transparency and bound by public constraints about the use of consumers’ medical records. HIA’s Board of Directors includes insurers and large health systems that expect to have access to our personal information. HIA’s Board meets evenings in a conference room in Farmington.
We urge you to immediately commit that consumers’ personal health and medical information will never be sold/monetized or shared with insurers, ACOs or any entity with financial risk. We also urge you to halt entry of any patient information into the HIE until a fair consent policy is developed giving consumers control over who sees their medical information and preserves choice.