June 9 , 2008

Medical Records You Can Bank On
By Robbi Hess
For The Record
Vol. 20 No. 12 P. 20

The Health Record Banking Alliance says its form of patient record storage is a high-yield, low-risk proposition.

For many consumers, online banking is so entrenched in their lives that they can’t imagine reverting to the days without 24/7 access to financial records and the ability to conduct transactions via the Internet. Seeing how that technology has improved the banking experience, wouldn’t it be nice to have that type of instant access to personal health records (PHRs)? Many healthcare professionals believe that should not only be an option but a right.

Still, the majority of patient health information still resides in different places and different formats—either paper or electronic.

Physicians are required to keep patient records for seven to 10 years, but what if a patient has a recurrent symptom of an ailment that first appeared 15 or 20 years ago? Furthermore, at that time, the patient may have been under the care of a different doctor in a different city, possibly even out of the country. How can that information be accessed? It would likely be next to impossible.

However, a concept known as health record banking has the potential to tie together the loose threads of an individual’s health information.

Formed in 2006 behind the leadership of William Yasnoff, MD, PhD, FACMI, the Health Record Banking Alliance defines a health record bank as an “independent organization that provides a secure electronic repository for storing and maintaining an individual’s lifetime health and medical records from multiple sources and assuring that the individual always has complete control over who accesses his or her information.” A health record bank would house individual electronic PHRs that patients would have to obtain from their providers. The patients would then control the information inputted into their “accounts” within a framework of rights and responsibilities.

Microsoft’s HealthVault and similar PHR products are not health record banks but could be potential components of such a system, says Yasnoff, the founder and managing partner of NHII Advisors, a consulting firm that helps organizations develop health information infrastructure systems. “For example, HealthVault could be used by a health record bank as the ‘cubbyhole’ server,” he says. “[But] it cannot be used as the searching server since no searching is allowed. In addition, HealthVault does not address the problem of providing EMR [electronic medical record] systems to physicians through provision of subsidies.”

Yasnoff also points out that HealthVault will not provide marketing in a community nor is it community-based, making consumer trust an issue.

One of the alliance’s goals is to make certain everyone has a complete medical record. “HRB [health record banking] takes on that function on behalf of the customer,” Yasnoff says. “Having a complete health record is not a panacea. … How can you begin to address problems if you as a healthcare provider don’t have access to the patient’s complete health information at the time of service? You simply can’t.”

Yasnoff believes the fuss about measuring quality is inconsistent with improving quality. “I want to offer improved quality, too, not just offer measurements of quality,” he explains. “There needs to be a mechanism in place.”

According to Yasnoff, the following four steps need to be taken to make health record banking a viable option:

• Health information must be in electronic form.

• Cooperation between stakeholders (typically consumers, physicians, health plans, health insurers, employers, public health, and government) must be attained.

• Financial sustainability must be provided.

• Public trust needs to be gained.

As for maintaining solvency, Yasnoff says the following are four potential sources of revenue:

• subscription fees from consumers or sponsorships from health insurers or employees. For individuals who pay a subscription fee, their sites would be free of advertisements.

• targeted advertising.

• research query fees to be conducted with consumer permission and using only nonidentifiable information. “For example, if a pharmaceutical company is looking for stats on a certain demographic or population, they could receive aggregated numerical information,” Yasnoff says, adding that no names would be released.

• patient reminder fees sponsored by third parties such as pharmaceutical firms and physicians. “There could be individuals who might want to be notified if there were clinical trials available, and that data could be released to the individual,” says Yasnoff. “There could be a fee for that service. And for those of us who want to forget about having to schedule an appointment a year in advance or receive a reminder before a prescription is scheduled to run out, a fee could be paid by them to receive that reminder.”

With privacy concerns becoming more of an issue throughout the healthcare industry, gaining the public’s trust is paramount to any successful health record bank, Yasnoff says. Consumers must control all information in their account with the bank acting as an agent that would make information available only when told to do so. This is opposed to a fiduciary relationship in which the institution must act in the best interest of the consumer. In an agent relationship, the agent has a duty to follow the consumer’s instructions. “The bank would not make any decisions about releasing information on its own,” he says. “This is an achievable level of trust comparable to financial banks.”

Yasnoff says the health record bank should be run by trustworthy institutions such as a community-based nonprofit for policy, governance, and oversight and a for-profit subcontractor for the actual operations. “Ultimately, it would be good to have government regulation of health record banks similar to the regulation now in place for financial banks,” he says. “However, it is likely to be some time before such regulation is established.”

The backbone of a secure infrastructure centers around an architecture that prevents both large-scale record loss and improper disclosure of individual records. To achieve this goal, it may be best to establish two separate servers. “For searching the data, there would be a secure server that is located in a protected location, such as a bank vault, with no phone lines or Internet connection,” Yasnoff says. “All data would be physically walked into the facility on media—DVDs and such—and all output would leave the same way. No electronic devices would be allowed in or out, and it would operate like a classified military facility with guards, etc.”

The second server would be designed for clinical record access and would use a secure operating system such as Secure Linux. Each consumer’s health record bank account information would be stored in a fixed area on the disk (a “cubbyhole”). When users logged in, they would provide authentication and indicate which record they wished to access. Those parts of the record that the consumer had approved for release to that user would be loaded into the memory space for the user. “However, no user would be able to access or use the disk—it would not be ‘visible’ to any user,” Yasnoff notes. “The allowed portions of the record could be used and new information generated within the user’s memory space. When the user logs off, the operating system would copy any new information to the proper place on disk.”

The idea of storing PHRs in a health record bank differs from an electronic health record (EHR) system, according to Richard D. Marks, president of Patient Command, Inc., a PHR developer. “The PHR is initiated and maintained by an individual, while an EHR is a record that doctors and hospitals use to document their processes with respect to a patient. An EHR isn’t designed to be a comprehensive record for a patient and, incidentally, in most cases no doctor or hospital is paid to create a comprehensive record for the patient,” he notes.

Yasnoff says the centralization of a health record bank gives it a leg up on any EHR plan. “Even if every physician’s office and hospital were on an EHR system, they can’t all be operating independently. There needs to be a single point of entry—a giant database, if you will,” he explains. “Right now there is a scattered model of distribution, and with that model, a health record bank can’t function as it should.”

In the so-called scattered model, Yasnoff says every time a patient shows up for care, it would be a spiderweb effect of having to go out into cyberspace and gather the tendrils of information to compile the complete health record. “You would need to query all of the places the patient had ever received care and retrieve that information. That’s just not practical,” he says. “In a scattered model, you can't efficiently retrieve a single patient's record nor can you easily search all the data for research or public health purposes. There needs to be a single repository for all of that personal health record information.”

Having a singular location for health records storage would help ease concerns about implementing a system in which all healthcare organizations would have to communicate with one another. “One of the advantages of a health record bank is that all healthcare organizations only need to have an interface only with the health record bank,” Yasnoff says. “There is no longer a need for any of them to have interfaces with each other. This greatly reduces the number of interfaces that must be implemented and supported.”

Yasnoff uses the analogy of credit reporting, where all the information on an individual’s credit history is stored in one location. “We trust banks to protect our financial records because banks are regulated by state and federal laws. … The health record bank needs federal and state regulations and privacy audits on a regular basis,” he explains.

Yasnoff points out that if there had been a viable health record bank in place, Hurricane Katrina victims would have had access to their personal health information. “Health records were irretrievably lost during that disaster,” he says. “A health record bank system would enable improvements in healthcare, public health, and medical research through the availability of comprehensive and secure lifetime health records that would be controlled by the consumer in a community repository.”

Without a PHR, most people can’t be sensible, efficient consumers of healthcare when they face serious health problems, according to Marks. “The consequence of not having sufficiently informed consumers is that we have a very inefficient healthcare market on the consumer side. Combine that with the inefficiencies of healthcare that include all of the regulatory structures and the so-called perverse incentives in the current system, and you are faced with waste, patient safety issues, and often poor results for the consumers of care,” he says. “With PHRs and a health bank, at least on the consumer side, the market could become more efficient and less costly, with greater safety and better care.”

But are consumers eager to gather, input, and store their medical information? Or are they content to leave the system as it is with providers being responsible for maintaining patient records? Yasnoff points to several surveys indicating that people want the conveniences of technology to be a part of their healthcare relationships.

The reliability of information inputted by consumers has come into question by some healthcare professionals. “Sometimes physicians are initially skeptical [about the quality of the data], but once they understand that consumers already control much of the clinical information they receive, they are more comfortable,” Yasnoff says. “Ultimately, they are fully supportive when they realize that it is not politically feasible to have a system in which physicians can access their patients’ complete medical records without their consent.”

The type of patient-provided information plays a role in the level of its trustworthiness, according to Yasnoff. “For many categories of data, such as symptoms or over-the-counter medications, information from consumers is the only available source,” he says. “Clearly, information about lab tests and other third-party generated information from a health record bank will only be credible to physicians if they could be assured that consumers have not altered it.”

In any event, the health record bank appears to be another option for the industry to explore in its efforts to enhance the exchange of health information. “It’s the 21st century and people need access to their records,” Yasnoff says. “The technology for health record banking exists. It simply needs to be implemented.”

— Robbi Hess, a journalist for more than 20 years, is a writer/editor for a weekly newspaper and a monthly business magazine in western New York.