The newest buzzword in health policy today is patient-centeredness. In a long overdue move away from paternalism, policymakers are learning that by treating people with respect and including them in decisions about their health care, we can avoid costly, unnecessary care and health outcomes are better.
Unfortunately Connecticut’s Access Health Analytics isn’t listening. Access Health Analytics is a planned database that will include health care diagnoses and claims for every state resident, including medical, dental, mental health care, drugs, and lab tests. The database will include social security numbers, employer, family relationships, race, disability, and names of health care providers among other sensitive data.
As a health care policy analyst, I am excited about the potential for this database to track health care use, identify problems, target resources, and evaluate solutions. Similar databases in other states have been used to find areas of health care shortage, track vaccine use, and quantify adverse drug reactions. States have used the information to create smart solutions to these problems, and evaluate if they work. This could be a very powerful tool to improve health care in our state.
But as a consumer advocate, I am very worried about protecting the privacy and security of our most sensitive information. The news is full of unintended breaches of private information. We know of at least 15 serious breaches of health care information in Connecticut affecting up to 93,500 people. Merging all health claims for every state resident across all insurers and programs magnifies the potential damage of a breach in this new database. Given the danger, Access Health Analytics should take special pains to respect our privacy and security.
Unfortunately, they have made a different decision. They have refused to include an opt-out provision for consumers, sending the message that Access Health Analytics doesn’t trust consumers to make their own decisions about their personal health care information.
In contrast, officials in Rhode Island made a patient-centered decision to trust consumers. Started May 1, Rhode Island’s health claims database includes an opt-out option for consumers to keep their sensitive information out of the system. Early reports are that it is working well. RI officials expect less than 1.5 percent of state residents to exercise the option. A recent local news story about private health information being used for pharmaceutical marketing prompted some phone calls to officials. But after hearing about security controls and protections, many callers decided not to opt-out. And contrary to concerns raised by Access Health Analytics board members, there is no evidence in Rhode Island of prevalent health or mental health problems among those who choose to opt-out.
Thankfully, Access Health Analytics’s misguided decision can be reversed. The policy was not set in law by elected officials but was made by an advisory committee based on a staff recommendation. The decision can be unmade. And we have time — the system is still being designed.
The database has great potential to guide Connecticut in making better decisions about our expensive, broken health care system. But there is no need to violate people’s rights in the process. Access Health Analytics should trust consumers to make good decisions if they expect us to trust them with our most private information.
Ellen Andrews is the executive director of the CT Health Policy Project.